🔍 Daily CVE Report - 2026-02-21

High-Risk Vulnerabilities Collected from Multiple Sources

📊 Summary

Report Generated: 2026-02-21 12:43:24

Total Vulnerabilities: 1598
High Risk (CVSS > 7.0): 1473
In CISA KEV: 149
High EPSS (>0.10): 0

CVE-2026-27169
High
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim’s browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.
🛡️ CVSS: 8.9 🆕 New Entry
/vendors/: opensift
Published: 2026-02-20
CVE-2026-27168
High
SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytes_per_line value. The value is read directly from the file and used as the read size in io->strict_read(), and is never compared to the actual size of the destination buffer. An attacker can provide an XWD file with an arbitrarily large bytes_per_line, causing a massive write operation beyond the heap buffer allocated for the image pixels. The issue did not have a fix at the time of publication.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: happyseafox
Published: 2026-02-20
CVE-2026-27203
High
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the .env configuration file, which could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: yosefhayim
Published: 2026-02-20
CVE-2026-27202
High
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: getsimplecms-ce
Published: 2026-02-20
CVE-2025-68461
High
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
🛡️ CVSS: 7.2 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: roundcube
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-49113
Critical
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
🛡️ CVSS: 9.9 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: roundcube
Published: 2025-06-02 | Modified: 2026-02-20
CVE-2026-27161
High
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and download sensitive files including authorization.xml, which contains cryptographic salts and API keys. This issue does not have a fix at the time of publication.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: getsimplecms-ce
Published: 2026-02-20
CVE-2026-27146
High
GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The request is accepted without requiring a CSRF token or origin validation. This allows an attacker to upload arbitrary files to the application without the victim’s knowledge or consent. In order to exploit this vulnerability, the victim must be authenticated to GetSimple CMS (e.g., admin user), and visit an attacker-controlled webpage. This issue does not have a fix at the time of publication.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: getsimplecms-ce
Published: 2026-02-20
CVE-2026-27134
High
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted certificates for mTLS authentication on the internal as well as user-configured listeners. All CAs from the CA chain will be trusted, and users with certificates signed by any of the CAs in the chain will be able to authenticate. This issue affects only users using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs. It does not affect users using the Strimzi-managed Cluster and Clients CAs. It also does not affect users using a custom Cluster or Clients CA with only a single CA (i.e., no CA chain with multiple CAs). This issue has been fixed in version 0.50.1. To work around this issue, instead of providing the full CA chain as the custom CA, users can provide only the single CA that should be used.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: strimzi
Published: 2026-02-20
CVE-2026-2333
Critical
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
🛡️ CVSS: 9.2 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26093
High
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26095
High
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26096
High
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26097
High
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26098
High
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26099
High
Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging/Manipulating Configuration File Search Paths via a crafted network request.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26101
High
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26102
High
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: owl
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2019-25454
High
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: phpmoadmin
Published: 2026-02-20
CVE-2019-25441
Critical
thesystem 1.0 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious input to the run_command endpoint. Attackers can send POST requests with shell commands in the command parameter to execute arbitrary code on the server without authentication.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: kostasmitroglou
Published: 2026-02-20
CVE-2019-25438
High
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: labcollector
Published: 2026-02-20
CVE-2019-25435
High
Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: sricam
Published: 2026-02-20
CVE-2019-25434
High
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: nsasoft
Published: 2026-02-20
CVE-2019-25432
High
Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to log in by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to the application.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: part-db
Published: 2026-02-20
CVE-2019-25431
High
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind techniques, or write files to the server using INTO OUTFILE statements.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: delpino73
Published: 2026-02-20
CVE-2018-25158
High
Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability that allows authenticated users to upload and execute PHP files through the elfinder filemanager module. Attackers can upload files with image headers in the social myfiles section, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: chamilo
Published: 2026-02-20
CVE-2026-2635
Critical
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: mlflow
Published: 2026-02-20
CVE-2026-2048
High
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28591.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: gimp
Published: 2026-02-20
CVE-2026-2047
High
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28530.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: gimp
Published: 2026-02-20
CVE-2026-2045
High
GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28265.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: gimp
Published: 2026-02-20
CVE-2026-2044
High
GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28158.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: gimp
Published: 2026-02-20
CVE-2026-2041
High
Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the zabbixagent_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28250.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: nagios
Published: 2026-02-20
CVE-2026-2043
High
Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the esensors_websensor_configwizard_func method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28249.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: nagios
Published: 2026-02-20
CVE-2026-2042
High
Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within the monitoringwizard module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-28245.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: nagios
Published: 2026-02-20
CVE-2026-2040
High
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: pdf-xchange
Published: 2026-02-20
CVE-2026-2039
High
GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-28597.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: gfi
Published: 2026-02-20
CVE-2026-2036
High
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27936.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: gfi
Published: 2026-02-20
CVE-2026-2038
High
GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: gfi
Published: 2026-02-20
CVE-2026-2037
High
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27935.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: gfi
Published: 2026-02-20
CVE-2026-2034
High
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28129.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: sante
Published: 2026-02-20
CVE-2026-2033
High
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26649.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: mlflow
Published: 2026-02-20
CVE-2026-0777
High
Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments. When opening an attachment, the user interface fails to warn the user of unsafe actions. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26034.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: xmind
Published: 2026-02-20
CVE-2026-0797
High
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28599.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: gimp
Published: 2026-02-20
CVE-2026-26119
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-17 | Modified: 2026-02-20
CVE-2026-20841
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-20846
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21228
High
No description available
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21231
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21232
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21238
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21239
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21240
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21243
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21244
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21245
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21250
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21251
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21255
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21256
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21257
High
No description available
🛡️ CVSS: 8.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21511
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21516
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21525
Medium
No description available
🛡️ CVSS: 6.2 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21514
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21537
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21510
High
No description available
🛡️ CVSS: 8.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21531
Critical
No description available
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21535
High
No description available
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-21532
High
No description available
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-05 | Modified: 2026-02-20
CVE-2026-24302
High
No description available
🛡️ CVSS: 8.6 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-05 | Modified: 2026-02-20
CVE-2026-24300
Critical
No description available
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-05 | Modified: 2026-02-20
CVE-2026-21513
High
No description available
🛡️ CVSS: 8.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21533
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21229
High
No description available
🛡️ CVSS: 8.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21523
High
No description available
🛡️ CVSS: 8.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21218
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21236
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21235
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21246
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21247
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21248
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21260
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21259
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-21519
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2026-02-10 | Modified: 2026-02-20
CVE-2026-27112
Critical
Kargo manages and automates the promotion of software artifacts. From 1.7.0 to before v1.7.8, v1.8.11, and v1.9.3, the batch resource creation endpoints of both Kargo's legacy gRPC API and newer REST API accept multi-document YAML payloads. Specially crafted payloads can manifest a bug present in the logic of both endpoints to inject arbitrary resources (of specific types only) into the underlying namespace of an existing Project using the API server's own permissions when that behavior was not intended. Critically, an attacker may exploit this as a vector for elevating their own permissions, which can then be leveraged to achieve remote code execution or secret exfiltration. Exfiltrated artifact repository credentials can be leveraged, in turn, to execute further attacks. In some configurations of the Kargo control plane's underlying Kubernetes cluster, elevated permissions may additionally be leveraged to achieve remote code execution or secret exfiltration using kubectl. This can reduce the complexity of the attack; however, worst-case scenarios remain entirely achievable even without this. This vulnerability is fixed in v1.7.8, v1.8.11, and v1.9.3.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: akuity
Published: 2026-02-20
CVE-2026-2857
Critical
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: d-link
Published: 2026-02-20
CVE-2026-25896
Critical
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: naturalintelligence
Published: 2026-02-20
CVE-2026-24892
High
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived from attacker-influenced application state is unserialized without restricting allowed classes. Although no current application endpoint was found to introduce PHP objects into this data path, the presence of an unrestricted unserialize() call constitutes a latent PHP object injection vulnerability. If future code changes, plugins, or refactors introduce object values into this path, the vulnerability could become immediately exploitable with severe impact, including potential remote code execution.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: openitcockpit
Published: 2026-02-20
CVE-2026-27190
High
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: denoland
Published: 2026-02-20
CVE-2025-30411
Critical
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: windows linux acronis
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-30412
Critical
Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: windows linux acronis
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-30410
Critical
Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: windows macos linux acronis
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-30416
Critical
Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, Windows) before build 41800.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: windows linux acronis
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-21627
Critical
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
🛡️ CVSS: 9.5 🆕 New Entry
/vendors/: tassos.gr
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-12107
Critical
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: wso2
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2025-9062
High
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The vulnerability was learned to be remediated through reporter information and testing.
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: mecode informatics and engineering services ltd.
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2025-8350
Critical
Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: inrove software and internet services
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2025-13590
Critical
A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by uploading a specially crafted payload.
🛡️ CVSS: 9.1 🔄 Recently Updated
/vendors/: wso2
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-2856
Critical
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: d-link
Published: 2026-02-20
CVE-2026-26339
Critical
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: hyland
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2025-9953
Critical
Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank Accreditation Software allows SQL Injection. This issue affects Databank Accreditation Software: through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: database software training consulting ltd.
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-2409
Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection. This issue affects Cloud Suite: before 25.2 HF1.
🛡️ CVSS: 9.3 🔄 Recently Updated
/vendors/: delinea
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-2441
Low
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: google
Published: 2026-02-13 | Modified: 2026-02-20
CVE-2026-2818
High
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: vmware
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-27475
High
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: spip
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-20761
High
A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: enocean edge inc
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-27476
Critical
RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system, including reverse shell establishment and command execution.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: bixat
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-25715
Critical
The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all critical management channels, allowing any network-adjacent attacker to gain full administrative control without credentials.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: jinan usr iot technology limited (pusr)
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-2855
Critical
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: d-link
Published: 2026-02-20
CVE-2026-24455
High
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: jinan usr iot technology limited (pusr)
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26286
High
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.16.0, a Server-Side Request Forgery (SSRF) vulnerability in the asset download endpoint allows authenticated users to make arbitrary HTTP requests from the server and read the full response body, enabling access to internal services, cloud metadata, and private network resources. The vulnerability has been patched in the version 1.16.0 by introducing a whitelist domain check for asset download requests. It can be reviewed and customized by editing the `whitelistImportDomains` array in the `config.yaml` file.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: sillytavern
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26048
High
The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a denial-of-service condition.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: jinan usr iot technology limited (pusr)
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-2473
High
Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictably named Cloud Storage buckets (Bucket Squatting). This vulnerability was patched and no customer action is needed.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: google cloud
Published: 2026-02-20
CVE-2026-2670
High
A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🛡️ CVSS: 8.3 🔄 Recently Updated
/vendors/: advantech
Published: 2026-02-18 | Modified: 2026-02-20
CVE-2026-2472
High
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: google cloud
Published: 2026-02-20
CVE-2026-27177
High
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrator views the property editor in the admin panel, the stored values are rendered without escaping in both a paragraph tag (SOURCE field) and a textarea element (VALUE field). The XSS fires on page load without requiring any click from the admin. Additionally, the session cookie lacks the HttpOnly flag, enabling session hijack via document.cookie exfiltration. An attacker can enumerate properties via the unauthenticated /api.php/data/ endpoint and poison any property with malicious JavaScript.
🛡️ CVSS: 7.2 🔄 Recently Updated
/vendors/: sergejey
Published: 2026-02-18 | Modified: 2026-02-20
CVE-2026-26337
High
Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: hyland
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26336
High
Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: hyland
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-27178
High
MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into the shoutbox. The /objects/?method= endpoint allows unauthenticated execution of stored methods with attacker-controlled parameters. Default methods such as ThisComputer.VolumeLevelChanged pass the user-supplied VALUE parameter directly into the say() function, which stores the message raw in the shouts database table without escaping. The shoutbox widget renders stored messages without sanitization in both PHP rendering code and HTML templates. Because the dashboard widget auto-refreshes every 3 seconds, the injected script executes automatically when any administrator loads the dashboard, enabling session hijack through cookie exfiltration.
🛡️ CVSS: 7.2 🔄 Recently Updated
/vendors/: sergejey
Published: 2026-02-18 | Modified: 2026-02-20
CVE-2026-2854
Critical
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: d-link
Published: 2026-02-20
CVE-2026-2853
Critical
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: d-link
Published: 2026-02-20
CVE-2026-27179
High
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parameter into multiple SQL queries without sanitization or parameterized queries. The commands module is loadable without authentication via the /objects/?module=commands endpoint, which includes arbitrary modules by name and calls their usual() method. Time-based blind SQL injection is exploitable using UNION SELECT SLEEP() syntax. Because MajorDoMo stores admin passwords as unsalted MD5 hashes in the users table, successful exploitation enables extraction of credentials and subsequent admin panel access.
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: sergejey
Published: 2026-02-18 | Modified: 2026-02-20
CVE-2026-24790
High
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: welker
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-27180
Critical
MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL poisoning. The saverestore module exposes its admin() method through the /objects/?module=saverestore endpoint without authentication because it uses gr('mode') (which reads directly from $_REQUEST) instead of the framework's $this->mode. An attacker can poison the system update URL via the auto_update_settings mode handler, then trigger the force_update handler to initiate the update chain. The autoUpdateSystem() method fetches an Atom feed from the attacker-controlled URL with trivial validation, downloads a tarball via curl with TLS verification disabled (CURLOPT_SSL_VERIFYPEER set to FALSE), extracts it using exec('tar xzvf ...'), and copies all extracted files to the document root using copyTree(). This allows an attacker to deploy arbitrary PHP files, including webshells, to the webroot with two GET requests.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: sergejey
Published: 2026-02-18 | Modified: 2026-02-20
CVE-2019-25444
High
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: phpscriptsmall
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-27115
High
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below have an unvalidated command-line argument that allows any user to trigger recursive deletion of arbitrary directories on the Windows filesystem. ADB Explorer accepts an optional path argument to set a custom data directory, but only checks whether the path exists. The ClearDrag() method calls Directory.Delete(dir, true) on every subdirectory of that path at both application startup and exit. An attacker can craft a malicious shortcut (.lnk) or batch script that launches ADB Explorer with a critical directory (e.g. C:\Users\%USERNAME%\Documents) as the argument, causing permanent recursive deletion of all its subdirectories. Any user who launches ADB Explorer via a crafted shortcut, batch file, or script loses the contents of the targeted directory permanently (deletion bypasses the Recycle Bin). This issue has been fixed in version 0.9.26021.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: alex4ssb
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-24891
High
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitc_gearman calls PHP's unserialize() on job payloads without enforcing class restrictions or validating data origin. While the intended deployment assumes only trusted internal components enqueue Gearman jobs, this trust boundary is not enforced in application code. In environments where the Gearman service or worker is exposed to untrusted systems, an attacker may submit crafted serialized payloads to trigger PHP Object Injection in the worker process. This vulnerability is exploitable when Gearman listens on non-local interfaces, network access to TCP/4730 is unrestricted, or untrusted systems can enqueue jobs. Default, correctly hardened deployments may not be immediately exploitable, but the unsafe sink remains present in code regardless of deployment configuration. Enforcing this trust boundary in code would significantly reduce risk and prevent exploitation in misconfigured environments. This issue has been fixed in version 5.4.0.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: openitcockpit
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2021-35402
Critical
PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: prolink
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-15114
Critical
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: ksenia security s.p.a.
Published: 2025-12-30 | Modified: 2026-02-20
CVE-2025-15113
High
Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: ksenia security s.p.a.
Published: 2025-12-30 | Modified: 2026-02-20
CVE-2026-26065
Critical
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: kovidgoyal
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-15111
Critical
Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: ksenia security s.p.a.
Published: 2025-12-30 | Modified: 2026-02-20
CVE-2026-2820
High
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: fujian
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2024-3727
High
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
🛡️ CVSS: 8.3 🔄 Recently Updated
/vendors/: red hat
Published: 2024-05-09 | Modified: 2026-02-20
CVE-2025-68472
High
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: mindsdb
Published: 2026-01-12 | Modified: 2026-02-20
CVE-2026-2848
High
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: sourcecodester
Published: 2026-02-20
CVE-2025-32711
Critical
No description available
🛡️ CVSS: 9.3 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-11 | Modified: 2026-02-20
CVE-2025-47977
High
No description available
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47968
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47959
High
No description available
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-13 | Modified: 2026-02-20
CVE-2025-47176
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55319
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-12 | Modified: 2026-02-20
CVE-2025-47175
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47174
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-59251
High
No description available
🛡️ CVSS: 7.6 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-24 | Modified: 2026-02-20
CVE-2025-47173
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47172
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55322
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-24 | Modified: 2026-02-20
CVE-2025-47170
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55244
Critical
No description available
🛡️ CVSS: 9.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-04 | Modified: 2026-02-20
CVE-2025-47169
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55238
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-04 | Modified: 2026-02-20
CVE-2025-47168
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54914
Critical
No description available
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-04 | Modified: 2026-02-20
CVE-2025-47167
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47166
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55241
Critical
No description available
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-04 | Modified: 2026-02-20
CVE-2025-47165
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47164
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47163
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55234
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33073
High
No description available
🛡️ CVSS: 8.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55227
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33070
High
No description available
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55224
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33068
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54912
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33056
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54911
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33053
High
No description available
🛡️ CVSS: 8.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54910
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33050
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54900
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32725
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54116
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54113
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-49715
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-20 | Modified: 2026-02-20
CVE-2025-32717
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47966
Critical
No description available
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-05 | Modified: 2026-02-20
CVE-2025-47962
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-33071
High
No description available
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54103
High
No description available
🛡️ CVSS: 7.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54098
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-47955
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47953
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47162
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54092
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33075
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54091
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-33067
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-33066
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-33064
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-53805
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-53801
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-53800
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32724
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-32721
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-49692
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32718
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-32716
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55317
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-55316
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32714
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55243
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-55245
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32713
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-32712
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55236
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-32710
High
No description available
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-55232
Critical
No description available
🛡️ CVSS: 9.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-30399
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-06-13 | Modified: 2026-02-20
CVE-2025-55228
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-29828
High
No description available
🛡️ CVSS: 8.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-47957
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-06-10 | Modified: 2026-02-20
CVE-2025-54919
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54918
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54916
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54913
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54908
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54907
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54906
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54905
High
No description available
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54904
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54903
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54902
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54899
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54898
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54897
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54896
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54895
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54894
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54111
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54110
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54106
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-54102
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-09-09 | Modified: 2026-02-20
CVE-2025-62221
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64677
High
No description available
🛡️ CVSS: 8.2 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-64675
High
No description available
🛡️ CVSS: 8.3 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-64676
High
No description available
🛡️ CVSS: 7.2 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-65037
Critical
No description available
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-65041
Critical
No description available
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-64663
Critical
No description available
🛡️ CVSS: 9.9 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-18 | Modified: 2026-02-20
CVE-2025-54100
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64680
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64679
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64678
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64672
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64671
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64661
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62565
High
No description available
🛡️ CVSS: 7.3 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62570
High
No description available
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62560
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62559
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62558
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62557
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62556
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62554
High
No description available
🛡️ CVSS: 8.4 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62553
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62552
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62550
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62474
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62467
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-55233
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62464
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62462
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62461
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62455
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-59517
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-59516
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64669
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: microsoft
Published: 2025-12-11 | Modified: 2026-02-20
CVE-2025-64673
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64666
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-64658
High
No description available
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62572
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62571
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62564
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62563
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62562
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62561
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62549
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62472
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62470
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62466
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62458
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62457
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62456
High
No description available
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2025-62454
High
No description available
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: x64-based systems microsoft 32-bit systems arm64-based systems
Published: 2025-12-09 | Modified: 2026-02-20
CVE-2026-25998
High
strongMan is a management interface for strongSwan, an OpenSource IPsec-based VPN. When storing credentials in the database (private keys, EAP secrets), strongMan encrypts the corresponding database fields. So far it used AES in CTR mode with a global database key. Together with an initialization vector (IV), a key stream is generated to encrypt the data in the database fields. But because strongMan did not generate individual IVs, every database field was encrypted using the same key stream. An attacker that has access to the database can use this to recover the encrypted credentials. In particular, because certificates, which have to be considered public information, are also encrypted using the same mechanism, an attacker can directly recover a large chunk of the key stream, which allows them to decrypt basically all other secrets, especially ECDSA private keys and EAP secrets, which are usually a lot shorter. Version 0.2.0 fixes the issue by switching to AES-GCM-SIV encryption with a random nonce and an individually derived encryption key, using HKDF, for each encrypted value. Database migrations are provided to automatically re-encrypt all credentials.
🛡️ CVSS: 8.7 🔄 Recently Updated
/vendors/: strongswan
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26016
Critical
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node requesting server data is the same node that the server is associated with. Any authenticated Wings node can retrieve server installation scripts (potentially containing secret values) and manipulate the installation status of servers belonging to other nodes. Wings nodes may also manipulate the transfer status of servers belonging to other nodes. This vulnerability requires a user to acquire a secret access token for a node. Unless a user gains access to a Wings secret access token they would not be able to access any of these vulnerable endpoints, as every endpoint requires a valid node access token. A single compromised Wings node daemon token (stored in plaintext at `/etc/pterodactyl/config.yml`) grants access to sensitive configuration data of every server on the panel, rather than only to servers that the node has access to. An attacker can use this information to move laterally through the system, send excessive notifications, destroy server data on other nodes, and otherwise exfiltrate secrets that they should not have access to with only a node token. Additionally, triggering a false transfer success causes the panel to delete the server from the source node, resulting in permanent data loss. Users should upgrade to version 1.12.1 to receive a fix.
🛡️ CVSS: 9.2 🔄 Recently Updated
/vendors/: pterodactyl
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26314
High
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shut down/crash using a specially crafted message. The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth.
🛡️ CVSS: 8.7 🔄 Recently Updated
/vendors/: ethereum
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26275
High
httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's `matches!` macro. Specifically, the comparison `if matches!(digest, _expected_digest)` treated `_expected_digest` as a pattern binding rather than a value comparison, resulting in unconditional success of the match expression. As a consequence, digest verification could incorrectly return success even when the computed digest did not match the expected value. Applications relying on Digest verification as part of HTTP message signature validation may therefore fail to detect message body modification. The severity depends on how the library is integrated and whether additional signature validation layers are enforced. This issue has been fixed in `httpsig-hyper` 0.0.23. The fix replaces the incorrect `matches!` usage with proper value comparison and additionally introduces constant-time comparison for digest verification as defense-in-depth. Regression tests have also been added to prevent reintroduction of this issue. Users are strongly advised to upgrade to the patched version. There is no reliable workaround without upgrading. Users who cannot immediately upgrade should avoid relying solely on Digest verification for message integrity and ensure that full HTTP message signature verification is enforced at the application layer.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: junkurihara
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26316
High
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when the configured webhook secret was missing or incorrect. This does not affect the default iMessage integration unless BlueBubbles is installed and enabled. Version 2026.2.13 contains a patch. Other mitigations include setting a non-empty BlueBubbles webhook password and avoiding deployments where a public-facing reverse proxy forwards to a loopback-bound Gateway without strong upstream authentication.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26317
High
OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does not prevent browser-initiated requests from malicious origins. A malicious website can trigger unauthorized state changes against a victim's local OpenClaw browser control plane (for example opening tabs, starting/stopping the browser, mutating storage/cookies) if the browser control service is reachable on loopback in the victim's browser context. Starting in version 2026.2.14, mutating HTTP methods (POST/PUT/PATCH/DELETE) are rejected when the request indicates a non-loopback Origin/Referer (or `Sec-Fetch-Site: cross-site`). Other mitigations include enabling browser control auth (token/password) and not running with auth disabled.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26319
High
OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are expected to be authenticated via Ed25519 signature verification. In affected versions, TelnyxProvider.verifyWebhook() could effectively fail open when no Telnyx public key was configured, allowing arbitrary HTTP POST requests to the voice-call webhook endpoint to be treated as legitimate Telnyx events. This only impacts deployments where the Voice Call plugin is installed, enabled, and the webhook endpoint is reachable from the attacker (for example, publicly exposed via a tunnel/proxy). The issue has been fixed in version 2026.2.14.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26320
High
OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full message after the user clicked "Run." At the time of writing, the OpenClaw macOS desktop client is still in beta. In versions 2026.2.6 through 2026.2.13, an attacker could pad the message with whitespace to push a malicious payload outside the visible preview, increasing the chance a user approves a different message than the one that is actually executed. If a user runs the deep link, the agent may perform actions that can lead to arbitrary command execution depending on the user's configured tool approvals/allowlists. This is a social-engineering mediated vulnerability: the confirmation prompt could be made to misrepresent the executed message. The issue is fixed in 2026.2.14. Other mitigations include not approving unexpected "Run OpenClaw agent?" prompts triggered while browsing untrusted sites and using unattended deep links only with a valid `key` for trusted personal automations.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2025-25257
Critical
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
🛡️ CVSS: 9.6 🇺🇸 CISA KEV 🔄 Recently Updated
/vendors/: fortinet
Published: 2025-07-17 | Modified: 2026-02-20
CVE-2026-26321
High
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Feishu extension allowed `sendMediaFeishu` to treat attacker-controlled `mediaUrl` values as local filesystem paths and read them directly. If an attacker can influence tool calls (directly or via prompt injection), they may be able to exfiltrate local files by supplying paths such as `/etc/passwd` as `mediaUrl`. Upgrade to OpenClaw `2026.2.14` or newer to receive a fix. The fix removes direct local file reads from this path and routes media loading through hardened helpers that enforce local-root restrictions.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26322
High
OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2.14, the Gateway tool accepted a tool-supplied `gatewayUrl` without sufficient restrictions, which could cause the OpenClaw host to attempt outbound WebSocket connections to user-specified targets. This requires the ability to invoke tools that accept `gatewayUrl` overrides (directly or indirectly). In typical setups this is limited to authenticated operators, trusted automation, or environments where tool calls are exposed to non-operators. In other words, this is not a drive-by issue for arbitrary internet users unless a deployment explicitly allows untrusted users to trigger these tool calls. Some tool call paths allowed `gatewayUrl` overrides to flow into the Gateway WebSocket client without validation or allowlisting. This meant the host could be instructed to attempt connections to non-gateway endpoints (for example, localhost services, private network addresses, or cloud metadata IPs). In the common case, this results in an outbound connection attempt from the OpenClaw host (and corresponding errors/timeouts). In environments where the tool caller can observe the results, this can also be used for limited network reachability probing. If the target speaks WebSocket and is reachable, further interaction may be possible. Starting in version 2026.2.14, tool-supplied `gatewayUrl` overrides are restricted to loopback (on the configured gateway port) or the configured `gateway.remote.url`. Disallowed protocols, credentials, query/hash, and non-root paths are rejected.
🛡️ CVSS: 7.6 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26323
High
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users[.]noreply[.]github[.]com` values). Normal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation. The script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run. Version 2026.2.14 contains a patch.
🛡️ CVSS: 8.6 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26324
High
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This could allow requests that should be blocked (loopback / private network / link-local metadata) to pass the SSRF guard. Version 2026.2.14 patches the issue.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26325
High
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be performed on one command while executing a different argv. This only impacts deployments that use the node host / companion node execution path (`system.run` on a node), enable allowlist-based exec policy (`security=allowlist`) with approval prompting driven by allowlist misses (for example `ask=on-miss`), and allow an attacker to invoke `system.run`. Default/non-node configurations are not affected. Version 2026.2.14 enforces `rawCommand`/`command[]` consistency (gateway fail-fast + node host validation).
🛡️ CVSS: 7.2 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26327
High
OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version 2026.2.14, some clients treated TXT values as authoritative routing/pinning inputs. iOS and macOS used TXT-provided host hints (`lanHost`/`tailnetDns`) and ports (`gatewayPort`) to build the connection URL. iOS and Android allowed the discovery-provided TLS fingerprint (`gatewayTlsSha256`) to override a previously stored TLS pin. On a shared/untrusted LAN, an attacker could advertise a rogue `_openclaw-gw._tcp` service. This could cause a client to connect to an attacker-controlled endpoint and/or accept an attacker certificate, potentially exfiltrating Gateway credentials (`auth.token` / `auth.password`) during connection. As of time of publication, the iOS and Android apps are alpha/not broadly shipped (no public App Store / Play Store release). Practical impact is primarily limited to developers/testers running those builds, plus any other shipped clients relying on discovery on a shared/untrusted LAN. Version 2026.2.14 fixes the issue. Clients now prefer the resolved service endpoint (SRV + A/AAAA) over TXT-provided routing hints. Discovery-provided fingerprints no longer override stored TLS pins. In iOS/Android, first-time TLS pins require explicit user confirmation (fingerprint shown; no silent TOFU) and discovery-based direct connects are TLS-only. In Android, hostname verification is no longer globally disabled (only bypassed when pinning).
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26329
High
OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's `upload` action. The server passed these paths to Playwright's `setInputFiles()` APIs without restricting them to a safe root. An attacker must reach the Gateway HTTP surface (or otherwise invoke the same browser control hook endpoints); present valid Gateway auth (bearer token / password), as required by the Gateway configuration (In common default setups, the Gateway binds to loopback and the onboarding wizard generates a gateway token even for loopback); and have the `browser` tool permitted by tool policy for the target session/context (and have browser support enabled). If an operator exposes the Gateway beyond loopback (LAN/tailnet/custom bind, reverse proxy, tunnels, etc.), the impact increases accordingly. Starting in version 2026.2.14, the upload paths are now confined to OpenClaw's temp uploads root (`DEFAULT_UPLOAD_DIR`) and traversal/escape paths are rejected.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-27001
High
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters (for example newlines or Unicode bidi/zero-width markers), those characters could break the prompt structure and inject attacker-controlled instructions. Starting in version 2026.2.15, the workspace path is sanitized before it is embedded into any LLM prompt output, stripping Unicode control/format characters and explicit line/paragraph separators. Workspace path resolution also applies the same sanitization as defense-in-depth.
🛡️ CVSS: 8.6 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-27002
High
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 blocks dangerous sandbox Docker settings and includes runtime enforcement when building `docker create` args; config-schema validation for `network=host`, `seccompProfile=unconfined`, `apparmorProfile=unconfined`; and security audit findings to surface dangerous sandbox docker config. As a workaround, do not configure `agents.*.sandbox.docker.binds` to mount system directories or Docker socket paths, keep `agents.*.sandbox.docker.network` at `none` (default) or `bridge`, and do not use `unconfined` for seccomp/AppArmor profiles.
🛡️ CVSS: 7.7 🔄 Recently Updated
/vendors/: openclaw
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26959
High
ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in the ManualAdbPath setting before executing it, allowing arbitrary code execution with the privileges of the current user. An attacker can exploit this by crafting a malicious App.txt settings file that points ManualAdbPath to an arbitrary executable, then convincing a victim to launch the application with a command-line argument directing it to the malicious configuration directory. This vulnerability could be leveraged through social engineering tactics, such as distributing a shortcut bundled with a crafted settings file in an archive, resulting in RCE upon application startup. This issue has been fixed in version 0.9.26021.
🛡️ CVSS: 7.8 🔄 Recently Updated
/vendors/: alex4ssb
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26967
High
PJSIP is a free and open source multimedia communication library written in C. In versions 2.16 and below, there is a critical Heap-based Buffer Overflow vulnerability in PJSIP's H.264 unpacketizer. The bug occurs when processing malformed SRTP packets, where the unpacketizer reads a 2-byte NAL unit size field without validating that both bytes are within the payload buffer bounds. The vulnerability affects applications that receive video using H.264. A patch is available at https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: pjsip
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26974
High
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports **/*.plugin.{js,mjs} files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects using this loading behavior are affected, especially those installing untrusted packages. This issue has been fixed in version 0.0.5. To work around this issue, users can audit and restrict which packages are installed in node_modules.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: tygo-van-den-hurk
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26975
High
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass the .m3u extension enforcement and write files anywhere on the filesystem, which is exacerbated by the container running as root. This can be exploited to achieve Remote Code Execution by writing a malicious .pth file to the Python site-packages directory, which will execute arbitrary commands when Python loads. This issue has been fixed in version 2.7.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: music-assistant
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26980
Critical
Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: tryghost
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26960
High
node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: isaacs
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26988
Critical
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL Injection vulnerability in the ajax_table.php endpoint. The application fails to properly sanitize or parameterize user input when processing IPv6 address searches. Specifically, the address parameter is split into an address and a prefix, and the prefix portion is directly concatenated into the SQL query string without validation. This allows an attacker to inject arbitrary SQL commands, potentially leading to unauthorized data access or database manipulation. This issue has been fixed in version 26.2.0.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: librenms
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26990
High
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly into an SQL query without proper parameter binding, allowing an attacker to manipulate query logic and infer database information through time-based conditional responses. This vulnerability requires authentication and is exploitable by any authenticated user. This issue has been fixed in version 26.2.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: librenms
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26064
Critical
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: kovidgoyal
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-26996
High
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: isaacs
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-2821
High
A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the argument ChannelName causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: fujian
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2026-2847
High
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: utt
Published: 2026-02-20
CVE-2026-2846
High
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: utt
Published: 2026-02-20
CVE-2024-1139
High
A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret.
🛡️ CVSS: 7.7 🔄 Recently Updated
/vendors/: red hat
Published: 2024-04-25 | Modified: 2026-02-20
CVE-2024-1249
High
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages.
🛡️ CVSS: 7.4 🔄 Recently Updated
/vendors/: red hat
Published: 2024-04-17 | Modified: 2026-02-20
CVE-2026-26214
High
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accepts any valid TLS certificate regardless of hostname mismatch. Because HTTPS is enabled by default in FDSClientConfiguration, all applications using the SDK with default settings are affected. This vulnerability allows a man-in-the-middle attacker to intercept and modify SDK communications to Xiaomi FDS cloud storage endpoints, potentially exposing authentication credentials, file contents, and API responses. The XiaoMi/galaxy-fds-sdk-android open source project has reached end-of-life status.
🛡️ CVSS: 7.4 🔄 Recently Updated
/vendors/: android xiaomi technology co., ltd.
Published: 2026-02-12 | Modified: 2026-02-20
CVE-2026-21626
Critical
Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector and information disclosure.
🛡️ CVSS: 9.2 🔄 Recently Updated
/vendors/: stackideas.com
Published: 2026-02-06 | Modified: 2026-02-20
CVE-2026-26050
High
The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ricoh company, ltd.
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-48041
High
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: erlang
Published: 2025-09-11 | Modified: 2026-02-20
CVE-2025-10970
Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: kolay software inc.
Published: 2026-02-20 | Modified: 2026-02-20
CVE-2025-48042
High
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5, 'Elixir.Ash.Actions.Destroy.Bulk':run/6, 'Elixir.Ash.Actions.Update.Bulk:run'/6. This issue affects ash: from pkg:hex/ash before pkg:hex/ash@3.5.39, before 3.5.39, before 5d1b6a5d00771fd468a509778637527b5218be9a.
🛡️ CVSS: 7.1 🔄 Recently Updated
/vendors/: ash-project
Published: 2025-09-07 | Modified: 2026-02-20
CVE-2025-48043
High
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from pkg:hex/ash@0 before pkg:hex/ash@3.6.2, before 3.6.2, before 66d81300065b970da0d2f4528354835d2418c7ae.
🛡️ CVSS: 8.6 🔄 Recently Updated
/vendors/: ash-project
Published: 2025-10-10 | Modified: 2026-02-20
CVE-2025-48044
High
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
🛡️ CVSS: 8.6 🔄 Recently Updated
/vendors/: ash-project
Published: 2025-10-17 | Modified: 2026-02-20
CVE-2026-2629
High
A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TTS Provider. This manipulation of the argument phrase causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
🛡️ CVSS: 7.5 🔄 Recently Updated
/vendors/: jishi
Published: 2026-02-17 | Modified: 2026-02-20
CVE-2026-26030
Critical
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade to this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
🛡️ CVSS: 10.0 🔄 Recently Updated
/vendors/: microsoft
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26359
High
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files.
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: dell
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2026-26358
High
Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
🛡️ CVSS: 8.8 🔄 Recently Updated
/vendors/: dell
Published: 2026-02-19 | Modified: 2026-02-20
CVE-2019-19006
Low
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-11-21 | Modified: 2026-02-03
CVE-2018-7602
Low
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: drupal
Published: 2018-07-19 | Modified: 2025-12-17
CVE-2018-0798
Low
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft corporation
Published: 2018-01-10 | Modified: 2025-10-21
CVE-2018-0802
Low
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft corporation
Published: 2018-01-10 | Modified: 2025-10-21
CVE-2018-6789
Low
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-02-08 | Modified: 2025-10-21
CVE-2018-2380
Low
SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: sap se
Published: 2018-03-01 | Modified: 2025-10-21
CVE-2018-6530
Low
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-03-06 | Modified: 2025-10-21
CVE-2018-7445
Low
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-03-19 | Modified: 2025-10-21
CVE-2018-6882
Low
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-03-27 | Modified: 2025-10-21
CVE-2018-7600
Low
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-03-29 | Modified: 2025-10-21
CVE-2018-1273
Low
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: spring by pivotal
Published: 2018-04-11 | Modified: 2025-10-21
CVE-2018-5430
High
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.
🛡️ CVSS: 7.7 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-04-17 | Modified: 2025-10-21
CVE-2018-2628
Low
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: oracle corporation
Published: 2018-04-19 | Modified: 2025-10-21
CVE-2018-10561
Low
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-05-04 | Modified: 2025-10-21
CVE-2018-10562
Low
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-05-04 | Modified: 2025-10-21
CVE-2018-0824
Low
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-05-09 | Modified: 2025-10-21
CVE-2018-8120
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-05-09 | Modified: 2025-10-21
CVE-2018-8174
Low
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-05-09 | Modified: 2025-10-21
CVE-2018-4939
Low
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-05-19 | Modified: 2025-10-21
CVE-2018-11138
Low
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-05-31 | Modified: 2025-10-21
CVE-2018-6961
Low
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: vmware
Published: 2018-06-11 | Modified: 2025-10-21
CVE-2018-9276
Low
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-07-02 | Modified: 2025-10-21
CVE-2018-4990
Low
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-07-09 | Modified: 2025-10-21
CVE-2018-8298
Low
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-07-11 | Modified: 2025-10-21
CVE-2018-14847
Low
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-08-02 | Modified: 2025-10-21
CVE-2018-14933
Low
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-08-04 | Modified: 2025-10-21
CVE-2018-15133
Low
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-08-09 | Modified: 2025-10-21
CVE-2018-8373
Low
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-08-15 | Modified: 2025-10-21
CVE-2018-8405
Low
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-08-15 | Modified: 2025-10-21
CVE-2018-8406
Low
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-08-15 | Modified: 2025-10-21
CVE-2018-8414
Low
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-08-15 | Modified: 2025-10-21
CVE-2018-11776
Low
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and either of the following holds: results are used with no namespace and, at the same time, their upper package has no namespace or a wildcard namespace; or a url tag is used without value and action set and, at the same time, its upper package has no namespace or a wildcard namespace.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: apache software foundation
Published: 2018-08-22 | Modified: 2025-10-21
CVE-2018-8440
Low
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-09-13 | Modified: 2025-10-21
CVE-2018-15961
Low
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: adobe
Published: 2018-09-25 | Modified: 2025-10-21
CVE-2018-8453
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-10-10 | Modified: 2025-10-21
CVE-2018-14558
Low
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-10-30 | Modified: 2025-10-21
CVE-2018-14667
Critical
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
🛡️ CVSS: 9.8 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: [unknown]
Published: 2018-11-06 | Modified: 2025-10-21
CVE-2018-8581
Low
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-11-14 | Modified: 2025-10-21
CVE-2018-8589
Low
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-11-14 | Modified: 2025-10-21
CVE-2018-17463
Low
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: google
Published: 2018-11-14 | Modified: 2025-10-21
CVE-2018-6065
Low
Integer overflow in computing the required allocation size when instantiating a new JavaScript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: google
Published: 2018-11-14 | Modified: 2025-10-21
CVE-2018-19410
Low
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-11-21 | Modified: 2025-10-21
CVE-2018-1000861
Low
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-10 | Modified: 2025-10-21
CVE-2018-17480
Low
Execution of user-supplied JavaScript during array deserialization leading to an out-of-bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: google
Published: 2018-12-11 | Modified: 2025-10-21
CVE-2018-20062
Low
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-11 | Modified: 2025-10-21
CVE-2018-8611
Low
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-12-12 | Modified: 2025-10-21
CVE-2018-8639
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-12-12 | Modified: 2025-10-21
CVE-2018-8653
Low
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2018-12-20 | Modified: 2025-10-21
CVE-2018-19320
Low
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-21 | Modified: 2025-10-21
CVE-2018-19321
Low
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-21 | Modified: 2025-10-21
CVE-2018-19322
Low
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-21 | Modified: 2025-10-21
CVE-2018-19323
Low
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2018-12-21 | Modified: 2025-10-21
CVE-2019-0541
Low
A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-01-08 | Modified: 2025-10-21
CVE-2018-13374
Medium
An Improper Access Control vulnerability in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
🛡️ CVSS: 4.3 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: fortinet
Published: 2019-01-22 | Modified: 2025-10-21
CVE-2018-20753
Low
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-02-05 | Modified: 2025-10-21
CVE-2018-20250
Low
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: check point software technologies ltd.
Published: 2019-02-05 | Modified: 2025-10-21
CVE-2019-0604
Low
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-03-06 | Modified: 2025-10-21
CVE-2019-0676
Low
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-03-06 | Modified: 2025-10-21
CVE-2018-18809
Critical
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
🛡️ CVSS: 9.9 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-03-07 | Modified: 2025-10-21
CVE-2019-1003029
Low
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: jenkins project
Published: 2019-03-08 | Modified: 2025-10-21
CVE-2019-1003030
Low
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: jenkins project
Published: 2019-03-08 | Modified: 2025-10-21
CVE-2019-10068
Low
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-03-26 | Modified: 2025-10-21
CVE-2018-4344
Low
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-04-03 | Modified: 2025-10-21
CVE-2019-11001
Low
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-04-08 | Modified: 2025-10-21
CVE-2019-0211
Low
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: apache
Published: 2019-04-08 | Modified: 2025-10-21
CVE-2019-0703
Low
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-08 | Modified: 2025-10-21
CVE-2019-0808
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-0797
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-0752
Low
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-0803
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-0841
Low
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-0859
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-04-09 | Modified: 2025-10-21
CVE-2019-11539
High
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
🛡️ CVSS: 8.0 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2025-10-21
CVE-2019-11510
Critical
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to exploit an arbitrary file reading vulnerability.
🛡️ CVSS: 9.9 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-05-08 | Modified: 2025-10-21
CVE-2018-14839
Low
LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-05-14 | Modified: 2025-10-21
CVE-2019-0708
Low
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-05-16 | Modified: 2025-10-21
CVE-2019-0863
Low
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-05-16 | Modified: 2025-10-21
CVE-2019-0903
Low
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-05-16 | Modified: 2025-10-21
CVE-2019-11634
Low
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-05-22 | Modified: 2025-10-21
CVE-2018-7841
Low
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: u.motion
Published: 2019-05-22 | Modified: 2025-10-21
CVE-2018-13383
Medium
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged-in users due to a failure to properly handle JavaScript href data when proxying webpages.
🛡️ CVSS: 4.3 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: fortinet
Published: 2019-05-29 | Modified: 2025-10-21
CVE-2019-11580
Low
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: atlassian
Published: 2019-06-03 | Modified: 2025-10-21
CVE-2018-13379
Critical
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
🛡️ CVSS: 9.1 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: fortinet
Published: 2019-06-04 | Modified: 2025-10-21
CVE-2018-13382
Critical
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.
🛡️ CVSS: 9.1 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: fortinet
Published: 2019-06-04 | Modified: 2025-10-21
CVE-2019-10149
Critical
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
🛡️ CVSS: 9.0 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: exim
Published: 2019-06-05 | Modified: 2025-10-21
CVE-2019-1064
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-10-21
CVE-2019-1069
High
No description available
🛡️ CVSS: 7.8 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-10-21
CVE-2018-15811
Low
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-07-03 | Modified: 2025-10-21
CVE-2018-18325
Low
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-07-03 | Modified: 2025-10-21
CVE-2019-0880
Low
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-07-15 | Modified: 2025-10-21
CVE-2019-12991
Low
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-07-16 | Modified: 2025-10-21
CVE-2019-12989
Low
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-07-16 | Modified: 2025-10-21
CVE-2019-13272
Low
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-07-17 | Modified: 2025-10-21
CVE-2019-11708
Low
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: mozilla
Published: 2019-07-23 | Modified: 2025-10-21
CVE-2019-11707
Low
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: mozilla
Published: 2019-07-23 | Modified: 2025-10-21
CVE-2019-1129
Low
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-07-29 | Modified: 2025-10-21
CVE-2019-1130
Low
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-07-29 | Modified: 2025-10-21
CVE-2019-1132
Low
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-07-29 | Modified: 2025-10-21
CVE-2019-0193
Low
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: apache
Published: 2019-08-01 | Modified: 2025-10-21
CVE-2019-11581
Low
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: atlassian
Published: 2019-08-09 | Modified: 2025-10-21
CVE-2019-0344
Low
Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possible to execute arbitrary code on a target machine with 'Hybris' user rights, resulting in Code Injection.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: sap se
Published: 2019-08-14 | Modified: 2025-10-21
CVE-2019-15107
Low
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-08-16 | Modified: 2025-10-21
CVE-2019-15752
Low
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-08-28 | Modified: 2025-10-21
CVE-2019-13608
Low
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-08-29 | Modified: 2025-10-21
CVE-2019-15949
Low
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-05 | Modified: 2025-10-21
CVE-2019-1214
Low
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-09-11 | Modified: 2025-10-21
CVE-2019-1215
Low
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-09-11 | Modified: 2025-10-21
CVE-2019-1253
Low
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-09-11 | Modified: 2025-10-21
CVE-2019-1297
Low
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-09-11 | Modified: 2025-10-21
CVE-2019-16256
Low
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-12 | Modified: 2025-10-21
CVE-2019-16057
Low
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-16 | Modified: 2025-10-21
CVE-2019-1367
Low
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-09-23 | Modified: 2025-10-21
CVE-2019-16759
Low
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-24 | Modified: 2025-10-21
CVE-2019-16920
Low
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-27 | Modified: 2025-10-21
CVE-2019-16928
Low
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-09-27 | Modified: 2025-10-21
CVE-2019-1315
Low
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-10-10 | Modified: 2025-10-21
CVE-2019-1322
Low
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-10-10 | Modified: 2025-10-21
CVE-2019-16278
Low
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-10-14 | Modified: 2025-10-21
CVE-2019-11043
High
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
🛡️ CVSS: 8.7 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: php
Published: 2019-10-28 | Modified: 2025-10-21
CVE-2019-1385
Low
An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-11-12 | Modified: 2025-10-21
CVE-2019-1388
Low
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-11-12 | Modified: 2025-10-21
CVE-2019-1405
Low
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: microsoft
Published: 2019-11-12 | Modified: 2025-10-21
CVE-2019-13720
Low
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: google
Published: 2019-11-25 | Modified: 2025-10-21
CVE-2019-15271
High
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
🛡️ CVSS: 8.8 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2025-10-21
CVE-2019-18935
Low
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-12-11 | Modified: 2025-10-21
CVE-2019-10758
Low
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-12-24 | Modified: 2025-10-21
CVE-2019-19781
Low
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-12-27 | Modified: 2025-10-21
CVE-2019-17621
Low
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-12-30 | Modified: 2025-10-21
CVE-2019-17558
Low
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2019-12-30 | Modified: 2025-10-21
CVE-2019-18426
Low
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: facebook
Published: 2020-01-21 | Modified: 2025-10-21
CVE-2019-18988
Low
TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations since at least as far back as v7.0.43148, and used it for at least OptionsPasswordAES in the current version of the product. If an attacker were to know this key, they could decrypt protected information stored in the registry or configuration files of TeamViewer. With versions before v9.x, this allowed for attackers to decrypt the Unattended Access password to the system (which allows for remote login to the system as well as headless file browsing). The latest version still uses the same key for OptionPasswordAES but appears to have changed how the Unattended Access password is stored. While in most cases an attacker requires an existing session on a system, if the registry/configuration keys were stored off of the machine (such as in a file share or online), an attacker could then decrypt the required password to log in to the system.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2020-02-07 | Modified: 2025-10-21
CVE-2019-19356
Low
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: n/a
Published: 2020-02-07 | Modified: 2025-10-21
CVE-2019-17026
Low
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: mozilla
Published: 2020-03-02 | Modified: 2025-10-21
CVE-2018-19943
High
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions: QTS 4.4.2.1270 build 20200410 and later; QTS 4.4.1.1261 build 20200330 and later; QTS 4.3.6.1263 build 20200330 and later; QTS 4.3.4.1282 build 20200408 and later; QTS 4.3.3.1252 build 20200409 and later; QTS 4.2.6 build 20200421 and later.
🛡️ CVSS: 8.0 🇺🇸 CISA KEV 🆕 New Entry
/vendors/: build 20200330 build 20200409 qnap systems inc. build 20200421 build 20200410 build 20200408
Published: 2020-10-28 | Modified: 2025-10-21
CVE-2018-19949
Low
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: build 20200214 qnap systems inc. build 20200130 build 20200302 build 20200109 build 20200107
Published: 2020-10-28 | Modified: 2025-10-21
CVE-2018-19953
Low
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
🇺🇸 CISA KEV 🆕 New Entry
/vendors/: build 20200214 qnap systems inc. build 20200130 build 20200302 build 20200109 build 20200107
Published: 2020-10-28 | Modified: 2025-10-21
CVE-2019-19300
High
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-04-14 | Modified: 2025-07-08
CVE-2019-13939
High
A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: siemens
Published: 2020-01-16 | Modified: 2025-06-10
CVE-2019-10964
High
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: medtronic
Published: 2019-06-28 | Modified: 2025-05-22
CVE-2018-10596
High
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: medtronic
Published: 2018-07-02 | Modified: 2025-05-22
CVE-2019-1080
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 10 version 1607 for 32-bit systems windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows server 2008 for x64-based systems service pack 2 windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows server 2008 for 32-bit systems service pack 2
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1065
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1045
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems microsoft ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1038
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1709 for x64-based systems windows 10 version 1903 for arm64-based systems windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows 10 version 1607 for 32-bit systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1028
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1027
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1026
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1022
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1021
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1019
High
No description available
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1007
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1005
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1803 for 32-bit systems windows 10 version 1809 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows server 2008 for 32-bit systems service pack 2 windows server 2008 for x64-based systems service pack 2 windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows 10 version 1607 for 32-bit systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0998
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0985
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: x64-based systems microsoft 32-bit systems ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0983
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0722
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0709
High
No description available
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: x64-based systems microsoft arm64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0620
High
No description available
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: x64-based systems microsoft unknown arm64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-1055
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 10 version 1607 for 32-bit systems windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows server 2008 for x64-based systems service pack 2 windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows server 2008 for 32-bit systems service pack 2
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0988
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1709 for x64-based systems windows 10 version 1903 for arm64-based systems windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows 10 version 1607 for 32-bit systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0974
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0973
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0909
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0908
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0907
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0906
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0905
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0904
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2019-0888
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems, arm64-based systems, x64-based systems, unknown, microsoft, ia64-based systems
Published: 2019-06-12 | Modified: 2025-05-20
CVE-2018-9193
High
A researcher has disclosed several vulnerabilities in FortiClient for Windows version 6.0.5 and below, version 5.6.6. Combined, these vulnerabilities can form an exploit chain that allows a user to gain system privileges on Microsoft Windows.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: fortinet
Published: 2019-05-30 | Modified: 2025-03-24
CVE-2019-10923
High
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2019-10-10 | Modified: 2025-02-11
CVE-2018-0395
High
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0456
High
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0378
High
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0417
High
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0441
High
A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause a timer crash. An attacker could exploit this vulnerability by sending malicious reassociation events multiple times to the same AP in a short period of time, causing a DoS condition on the affected AP.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0442
High
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-0443
High
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2018-10-17 | Modified: 2024-11-26
CVE-2018-15442
High
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2018-10-24 | Modified: 2024-11-26
CVE-2018-15454
High
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2018-11-01 | Modified: 2024-11-26
CVE-2018-15381
Critical
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2018-11-08 | Modified: 2024-11-26
CVE-2018-15394
Critical
A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected system. The vulnerability is due to an insecure system configuration. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to gain unauthenticated access, resulting in elevated privileges in the SMC.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2018-11-08 | Modified: 2024-11-26
CVE-2018-15439
Critical
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2018-11-08 | Modified: 2024-11-26
CVE-2018-15441
Critical
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: cisco
Published: 2018-11-28 | Modified: 2024-11-26
CVE-2018-15465
High
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: cisco
Published: 2018-12-24 | Modified: 2024-11-26
CVE-2019-12650
High
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-21
CVE-2019-12651
High
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-21
CVE-2019-12676
High
A vulnerability in the Open Shortest Path First (OSPF) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software improperly parses certain options in OSPF link-state advertisement (LSA) type 11 packets. An attacker could exploit this vulnerability by sending a crafted LSA type 11 OSPF packet to an affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition for client traffic that is traversing the device.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-21
CVE-2019-12677
High
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-21
CVE-2019-12700
High
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper resource management in the context of user session management. An attacker could exploit this vulnerability by connecting to an affected system and performing many simultaneous successful Secure Shell (SSH) logins. A successful exploit could allow the attacker to exhaust system resources and cause the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker needs valid user credentials on the system.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-21
CVE-2019-12636
High
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or cause a denial of service (DoS) condition on an affected device.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-21
CVE-2019-15264
High
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management during CAPWAP message processing. An attacker could exploit this vulnerability by sending a high volume of legitimate wireless management frames within a short time to an affected device. A successful exploit could allow the attacker to cause a device to restart unexpectedly, resulting in a DoS condition for clients associated with the AP.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-21
CVE-2019-15265
High
A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-21
CVE-2019-15966
High
A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2019-11-05 | Modified: 2024-11-21
CVE-2019-15276
High
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-21
CVE-2018-15380
High
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-02-20 | Modified: 2024-11-20
CVE-2019-12624
High
A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-08-21 | Modified: 2024-11-20
CVE-2019-12648
Critical
A vulnerability in the IOx application environment for Cisco IOS Software could allow an authenticated, remote attacker to gain unauthorized access to the Guest Operating System (Guest OS) running on an affected device. The vulnerability is due to incorrect role-based access control (RBAC) evaluation when a low-privileged user requests access to a Guest OS that should be restricted to administrative accounts. An attacker could exploit this vulnerability by authenticating to the Guest OS by using the low-privileged-user credentials. An exploit could allow the attacker to gain unauthorized access to the Guest OS as a root user.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-20
CVE-2019-12674
High
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12675
High
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to insufficient protections on the underlying filesystem. An attacker could exploit these vulnerabilities by modifying critical files on the underlying filesystem. A successful exploit could allow the attacker to execute commands with root privileges within the host namespace. This could allow the attacker to impact other running FTD instances.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12679
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12680
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12681
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12682
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12683
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12684
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12685
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12686
High
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12687
High
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12688
High
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12689
High
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12690
High
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-12699
High
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by including crafted arguments to specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-20
CVE-2019-15240
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15241
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15242
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15243
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15244
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15245
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15246
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15247
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15248
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15249
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15250
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15251
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15252
High
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-20
CVE-2019-15958
High
A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input validation during the initial High Availability (HA) configuration and registration process of an affected device. An attacker could exploit this vulnerability by uploading a malicious file during the HA registration period. A successful exploit could allow the attacker to execute arbitrary code with root-level privileges on the underlying operating system. Note: This vulnerability can only be exploited during the HA registration period. See the Details section for more information.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-20
CVE-2019-15956
High
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-20
CVE-2019-15288
High
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-20
CVE-2019-15286
High
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-20
CVE-2019-15284
High
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2019-11-26 | Modified: 2024-11-20
CVE-2018-0181
High
A vulnerability in the Redis implementation used by the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software could allow an unauthenticated, remote attacker to modify key-value pairs for short-lived events stored by the Redis server. The vulnerability is due to improper authentication when accessing the Redis server. An unauthenticated attacker could exploit this vulnerability by modifying key-value pairs stored within the Redis server database. An exploit could allow the attacker to reduce the efficiency of the Cisco Policy Suite for Mobile and Cisco Policy Suite Diameter Routing Agent software.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: cisco
Published: 2019-01-10 | Modified: 2024-11-19
CVE-2018-15453
High
A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-01-10 | Modified: 2024-11-19
CVE-2018-15460
High
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper filtering of email messages that contain references to whitelisted URLs. An attacker could exploit this vulnerability by sending a malicious email message that contains a large number of whitelisted URLs. A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-01-10 | Modified: 2024-11-19
CVE-2018-0389
High
A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2019-03-13 | Modified: 2024-11-19
CVE-2018-15388
High
A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-05-03 | Modified: 2024-11-19
CVE-2018-15462
High
A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-05-03 | Modified: 2024-11-19
CVE-2019-12634
High
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a missing authentication check in an API call. An attacker who can send a request to an affected system could cause all currently authenticated users to be logged off. Repeated exploitation could cause the inability to maintain a session in the web-based management portal.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-08-21 | Modified: 2024-11-19
CVE-2019-12643
Critical
A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST API authentication service. An attacker could exploit this vulnerability by submitting malicious HTTP requests to the targeted device. A successful exploit could allow the attacker to obtain the token-id of an authenticated user. This token-id could be used to bypass authentication and execute privileged actions through the interface of the REST API virtual service container on the affected Cisco IOS XE device. The REST API interface is not enabled by default and must be installed and activated separately on IOS XE devices. See the Details section for more information.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: cisco
Published: 2019-08-28 | Modified: 2024-11-19
CVE-2019-12646
High
A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12647
High
A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability exists because the affected software incorrectly handles memory structures, leading to a NULL pointer dereference. An attacker could exploit this vulnerability by opening a TCP connection to specific ports and sending traffic over that connection. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12653
High
A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12655
High
A vulnerability in the FTP application layer gateway (ALG) functionality used by Network Address Translation (NAT), NAT IPv6 to IPv4 (NAT64), and the Zone-Based Policy Firewall (ZBFW) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a buffer overflow that occurs when an affected device inspects certain FTP traffic. An attacker could exploit this vulnerability by performing a specific FTP transfer through the device. A successful exploit could allow the attacker to cause the device to reload.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12657
High
A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12652
High
A vulnerability in the ingress packet processing function of Cisco IOS Software for Cisco Catalyst 4000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when processing TCP packets directed to the device on specific Cisco Catalyst 4000 Series Switches. An attacker could exploit this vulnerability by sending crafted TCP streams to an affected device. A successful exploit could cause the affected device to run out of buffer resources, impairing operations of control plane and management plane protocols, resulting in a DoS condition. This vulnerability can be triggered only by traffic that is destined to an affected device and cannot be exploited using traffic that transits an affected device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12654
High
A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12656
High
A vulnerability in the IOx application environment of multiple Cisco platforms could allow an unauthenticated, remote attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a denial of service (DoS) condition. The vulnerability is due to a Transport Layer Security (TLS) implementation issue. An attacker could exploit this vulnerability by sending crafted TLS packets to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing HTTPS requests, resulting in a DoS condition.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12658
High
A vulnerability in the filesystem resource management code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to exhaust filesystem resources on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to ineffective management of the underlying filesystem resources. An attacker could exploit this vulnerability by performing specific actions that result in messages being sent to specific operating system log files. A successful exploit could allow the attacker to exhaust available filesystem space on an affected device. This could cause the device to crash and reload, resulting in a DoS condition for clients whose network traffic is transiting the device. Upon reload of the device, the impacted filesystem space is cleared, and the device will return to normal operation. However, continued exploitation of this vulnerability could cause subsequent forced crashes and reloads, which could lead to an extended DoS condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-09-25 | Modified: 2024-11-19
CVE-2019-12673
High
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-19
CVE-2019-12678
High
A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-19
CVE-2019-15256
High
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-10-02 | Modified: 2024-11-19
CVE-2019-15260
Critical
A vulnerability in Cisco Aironet Access Points (APs) Software could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device with elevated privileges. The vulnerability is due to insufficient access control for certain URLs on an affected device. An attacker could exploit this vulnerability by requesting specific URLs from an affected AP. An exploit could allow the attacker to gain access to the device with elevated privileges. While the attacker would not be granted access to all possible configuration options, it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the AP, creating a denial of service (DoS) condition for clients associated with the AP.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-19
CVE-2019-15261
High
A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Generic Routing Encapsulation (GRE) frames that pass through the data plane of an affected AP. An attacker could exploit this vulnerability by associating to a vulnerable AP, initiating a PPTP VPN connection to an arbitrary PPTP VPN server, and sending a malicious GRE frame through the data plane of the AP. A successful exploit could allow the attacker to cause an internal process of the targeted AP to crash, which in turn would cause the AP to reload. The AP reload would cause a DoS condition for clients that are associated with the AP.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-19
CVE-2019-15262
High
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is not properly deleted when an SSH connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly opening SSH connections to an affected device. A successful exploit could allow the attacker to exhaust system resources by initiating multiple SSH connections to the device that are not effectively terminated, which could result in a DoS condition.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2019-10-16 | Modified: 2024-11-19
CVE-2019-12625
High
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2019-11-05 | Modified: 2024-11-19
CVE-2019-15976
Critical
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15975
Critical
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15985
High
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15984
High
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15982
High
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15981
High
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15980
High
Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15979
High
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15978
High
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15977
Critical
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2020-01-06 | Modified: 2024-11-15
CVE-2019-15961
High
A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: clamav
Published: 2020-01-15 | Modified: 2024-11-15
CVE-2019-15989
High
A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16018
High
A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16020
High
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16022
High
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16027
High
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16029
High
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16005
High
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-01-26 | Modified: 2024-11-15
CVE-2019-16011
High
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2020-04-29 | Modified: 2024-11-15
CVE-2019-11538
High
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to access the contents of arbitrary files on the affected device.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2024-11-15
CVE-2019-11543
High
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2024-11-15
CVE-2019-18338
High
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker with network access to the CCS server could exploit this vulnerability to list arbitrary directories or read files outside of the CCS application context.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: siemens
Published: 2019-12-12 | Modified: 2024-11-15
CVE-2019-15992
High
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-16028
Critical
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-16023
High
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-16021
High
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-16019
High
Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-16009
High
A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15993
High
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls for information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15957
High
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15289
High
Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15287
High
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15285
High
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2019-15283
High
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements within a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: cisco
Published: 2020-09-23 | Modified: 2024-11-13
CVE-2018-25105
Critical
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: mndpsingh287
Published: 2024-10-16 | Modified: 2024-10-16
CVE-2019-18337
Critical
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access to the CCS server could exploit this vulnerability to read the CCS users database, including the passwords of all users in obfuscated cleartext.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: siemens
Published: 2019-12-12 | Modified: 2024-10-15
CVE-2018-3999
High
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-17
CVE-2018-6493
High
SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: micro focus
Published: 2018-05-22 | Modified: 2024-09-17
CVE-2018-0027
High
Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-17
CVE-2018-3868
High
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-12 | Modified: 2024-09-17
CVE-2018-6488
High
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: micro focus
Published: 2018-02-22 | Modified: 2024-09-17
CVE-2018-6499
High
A Remote Code Execution vulnerability affects the following products: Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05; Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05; Data Center Automation Containerized Suite 2017.01 until 2018.05; Service Management Automation Suite 2017.11, 2018.02, 2018.05; Service Virtualization (SV) with floating licenses, any version using APLS older than 10.7; Unified Functional Testing (UFT) with floating licenses, any version using APLS older than 10.7; Network Virtualization (NV) with floating licenses, any version using APLS older than 10.7; and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: micro focus
Published: 2018-08-30 | Modified: 2024-09-17
CVE-2019-11270
High
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-08-05 | Modified: 2024-09-17
CVE-2018-4019
High
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: netgate
Published: 2018-12-03 | Modified: 2024-09-17
CVE-2018-3948
High
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2018-11-30 | Modified: 2024-09-17
CVE-2019-17437
High
An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: palo alto networks
Published: 2019-12-05 | Modified: 2024-09-17
CVE-2018-3950
High
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-17
CVE-2019-11288
High
In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: pivotal
Published: 2020-01-27 | Modified: 2024-09-17
CVE-2019-11898
Critical
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: bosch
Published: 2019-09-12 | Modified: 2024-09-17
CVE-2018-1845
High
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2019-06-17 | Modified: 2024-09-17
CVE-2018-19636
High
Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: suse
Published: 2019-03-05 | Modified: 2024-09-17
CVE-2018-3855
High
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: hyland software, inc.
Published: 2018-04-26 | Modified: 2024-09-17
CVE-2018-11052
Critical
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3 requests.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-03 | Modified: 2024-09-17
CVE-2019-17102
High
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: bitdefender
Published: 2020-01-27 | Modified: 2024-09-17
CVE-2018-6505
High
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: micro focus
Published: 2018-09-20 | Modified: 2024-09-17
CVE-2018-1487
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-07-10 | Modified: 2024-09-17
CVE-2019-18582
Critical
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to inject malicious report generation scripts in the server. This may lead to OS command execution as the regular user runs the DPA service on the affected system.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: dell
Published: 2020-03-18 | Modified: 2024-09-17
CVE-2018-1488
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 140973.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-05-25 | Modified: 2024-09-17
CVE-2019-11897
High
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: prosyst bosch
Published: 2019-08-21 | Modified: 2024-09-17
CVE-2018-3958
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-17
CVE-2019-17333
High
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: tibco software inc.
Published: 2020-02-19 | Modified: 2024-09-17
CVE-2018-3957
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-17
CVE-2018-0001
Critical
A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-01-10 | Modified: 2024-09-17
CVE-2018-6487
Critical
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: micro focus
Published: 2018-02-20 | Modified: 2024-09-17
CVE-2018-3996
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-17
CVE-2018-1835
High
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-11-02 | Modified: 2024-09-17
CVE-2019-0001
High
Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mx series juniper networks
Published: 2019-01-15 | Modified: 2024-09-17
CVE-2018-3878
Critical
Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-3895
Critical
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-28 | Modified: 2024-09-17
CVE-2018-15782
High
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: dell
Published: 2019-01-16 | Modified: 2024-09-17
CVE-2018-5401
Critical
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: armv7 android auto-maskin
Published: 2018-10-08 | Modified: 2024-09-17
CVE-2018-3931
High
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-17
CVE-2018-15800
High
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the Bits Service storage.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-12-10 | Modified: 2024-09-17
CVE-2019-11211
Critical
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-09-18 | Modified: 2024-09-17
CVE-2018-3993
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-17
CVE-2018-1448
High
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: ibm
Published: 2018-03-22 | Modified: 2024-09-17
CVE-2018-3832
Critical
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: insteon
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-1781
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-11-09 | Modified: 2024-09-17
CVE-2018-3857
High
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-17
CVE-2018-3954
High
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: linksys
Published: 2018-10-17 | Modified: 2024-09-17
CVE-2018-1778
High
IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication: if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they know the userId and can hence get access to the other user’s data / access to their privileges (if the user happens to be an Admin for example). IBM X-Force ID: 148801.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: ibm
Published: 2018-12-20 | Modified: 2024-09-17
CVE-2018-5379
High
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: quagga
Published: 2018-02-19 | Modified: 2024-09-17
CVE-2018-4021
High
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: netgate
Published: 2018-12-03 | Modified: 2024-09-17
CVE-2018-3867
Critical
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-1544
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-05-25 | Modified: 2024-09-17
CVE-2018-15798
High
Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: pivotal
Published: 2018-12-19 | Modified: 2024-09-17
CVE-2018-3936
High
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-17
CVE-2018-0046
High
A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-10-10 | Modified: 2024-09-17
CVE-2019-0061
High
The management daemon (MGD) is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a local, authenticated user may be able to exploit this vulnerability to gain administrative privileges. This issue only affects Linux-based platforms. FreeBSD-based platforms are unaffected by this vulnerability. Exploitation of this vulnerability requires Junos shell access. This issue cannot be exploited from the Junos CLI. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R1-S7, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-3910
High
An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: yi
Published: 2018-11-01 | Modified: 2024-09-17
CVE-2018-2019
High
IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 155265.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2019-01-18 | Modified: 2024-09-17
CVE-2019-0012
High
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. This issue only affects PE routers configured with BGP Auto discovery for LDP VPLS. Other BGP configurations are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D81; 12.3 versions prior to 12.3R12-S12; 12.3X48 versions prior to 12.3X48-D76; 14.1X53 versions prior to 14.1X53-D48; 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D235, 15.1X53-D495, 15.1X53-D590, 15.1X53-D68; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-17
CVE-2018-1631
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-17
CVE-2018-1747
High
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-10-15 | Modified: 2024-09-17
CVE-2018-1771
High
IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-Force ID: 148687.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-12-20 | Modified: 2024-09-17
CVE-2018-3853
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-06-04 | Modified: 2024-09-17
CVE-2018-12408
High
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-08-08 | Modified: 2024-09-17
CVE-2019-0064
High
On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks srx 5000 series
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-1796
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-17
CVE-2018-11080
High
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: dell emc
Published: 2018-10-18 | Modified: 2024-09-17
CVE-2018-1922
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-17
CVE-2018-1904
High
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-11 | Modified: 2024-09-17
CVE-2018-17494
High
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing the Windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: visitorpass
Published: 2019-03-19 | Modified: 2024-09-17
CVE-2018-3864
Critical
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-20 | Modified: 2024-09-17
CVE-2018-1998
High
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-Force ID: 154887.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-17
CVE-2019-18902
High
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: suse opensuse
Published: 2020-03-02 | Modified: 2024-09-17
CVE-2019-19162
High
A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: tobesoft
Published: 2020-05-11 | Modified: 2024-09-17
CVE-2019-0014
High
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: qfx and ptx series juniper networks
Published: 2019-01-15 | Modified: 2024-09-17
CVE-2019-11279
High
CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-09-26 | Modified: 2024-09-17
CVE-2018-1969
Critical
IBM Security Identity Manager 6.0.0 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 153750.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: ibm
Published: 2019-01-14 | Modified: 2024-09-17
CVE-2018-3924
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: foxit
Published: 2018-08-01 | Modified: 2024-09-17
CVE-2018-3977
High
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: simple directmedia layer
Published: 2018-11-01 | Modified: 2024-09-17
CVE-2018-5734
High
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: isc
Published: 2019-01-16 | Modified: 2024-09-17
CVE-2019-13657
Critical
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ca technologies, a broadcom company
Published: 2019-10-17 | Modified: 2024-09-17
CVE-2019-18568
High
Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege escalation through the execution of kernel code from a restricted user.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: avira x86
Published: 2019-12-31 | Modified: 2024-09-17
CVE-2018-1565
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-05-25 | Modified: 2024-09-17
CVE-2019-0059
High
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-1779
High
IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2018-11-20 | Modified: 2024-09-17
CVE-2018-3971
Critical
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an attacker-controlled address, resulting in memory corruption. An attacker can send an IRP request to trigger this vulnerability.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: talos
Published: 2018-10-25 | Modified: 2024-09-17
CVE-2018-3833
High
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: insteon
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-5743
High
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: isc
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2019-17096
Critical
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: bitdefender
Published: 2020-01-28 | Modified: 2024-09-17
CVE-2018-3846
High
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-16 | Modified: 2024-09-17
CVE-2019-11477
High
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: linux
Published: 2019-06-18 | Modified: 2024-09-17
CVE-2019-18588
Critical
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject JavaScript code and affect other authenticated users' sessions.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: dell
Published: 2020-01-10 | Modified: 2024-09-17
CVE-2018-3942
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-17
CVE-2019-11899
High
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: bosch
Published: 2019-09-12 | Modified: 2024-09-17
CVE-2018-3851
High
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality. A crafted .doc document can lead to a stack-based buffer overflow, resulting in direct code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: hyland software, inc.
Published: 2018-04-26 | Modified: 2024-09-17
CVE-2019-19230
Critical
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ca technologies, a broadcom company
Published: 2019-12-09 | Modified: 2024-09-17
CVE-2018-3982
High
An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-17
CVE-2018-3912
High
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-3953
High
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: linksys
Published: 2018-10-17 | Modified: 2024-09-17
CVE-2018-3909
Critical
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: talos
Published: 2018-08-24 | Modified: 2024-09-17
CVE-2018-1970
High
IBM Security Identity Manager 7.0.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2019-02-04 | Modified: 2024-09-17
CVE-2018-3879
High
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-12412
High
The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-07 | Modified: 2024-09-17
CVE-2019-17336
High
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-12-17 | Modified: 2024-09-17
CVE-2018-5432
High
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-06-13 | Modified: 2024-09-17
CVE-2018-3946
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-17
CVE-2018-17485
High
Lobby Track Desktop contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: jolly technologies
Published: 2019-03-19 | Modified: 2024-09-17
CVE-2018-1736
High
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-09-27 | Modified: 2024-09-17
CVE-2018-3922
High
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: computerinsel
Published: 2018-08-01 | Modified: 2024-09-17
CVE-2019-11283
High
Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outputs sensitive information to the logs. A remote user with access to the SMB Volume logs can discover the username and password for volumes that have been recently created, allowing the user to take control of the SMB Volume.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-10-23 | Modified: 2024-09-17
CVE-2018-15778
High
Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI).
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: dell
Published: 2019-02-04 | Modified: 2024-09-17
CVE-2019-11207
High
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. This issue affects: TIBCO Software Inc. TIBCO LogLogic Enterprise Virtual Appliance version 6.2.1 and prior versions. TIBCO Software Inc. TIBCO LogLogic Log Management Intelligence 6.2.1. TIBCO LogLogic LX825 Appliance 0.0.004, TIBCO LogLogic LX1025 Appliance 0.0.004, TIBCO LogLogic LX4025 Appliance 0.0.004, TIBCO LogLogic MX3025 Appliance 0.0.004, TIBCO LogLogic MX4025 Appliance 0.0.004, TIBCO LogLogic ST1025 Appliance 0.0.004, TIBCO LogLogic ST2025-SAN Appliance 0.0.004, and TIBCO LogLogic ST4025 Appliance 0.0.004 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below. TIBCO LogLogic LX1035 Appliance 0.0.005, TIBCO LogLogic LX1025R1 Appliance 0.0.004, TIBCO LogLogic LX1025R2 Appliance 0.0.004, TIBCO LogLogic LX4025R1 Appliance 0.0.004, TIBCO LogLogic LX4025R2 Appliance 0.0.004, TIBCO LogLogic LX4035 Appliance 0.0.005, TIBCO LogLogic ST2025-SANR1 Appliance 0.0.004, TIBCO LogLogic ST2025-SANR2 Appliance 0.0.004, TIBCO LogLogic ST2035-SAN Appliance 0.0.005, TIBCO LogLogic ST4025R1 Appliance 0.0.004, TIBCO LogLogic ST4025R2 Appliance 0.0.004, and TIBCO LogLogic ST4035 Appliance 0.0.005 using TIBCO LogLogic Log Management Intelligence versions 6.2.1 and below.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-08-13 | Modified: 2024-09-17
CVE-2019-17440
Critical
Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affect any other PA series devices. This issue does not affect devices without an LFC. This issue does not affect PAN-OS 8.1 or prior releases. This issue only affected a very limited number of customers and we undertook individual outreach to help them upgrade. At the time of publication, all identified customers have upgraded SW or content and are not impacted.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: palo alto networks pa-7000 series with 2nd generation smc
Published: 2019-12-20 | Modified: 2024-09-17
CVE-2019-0047
High
A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue affects: Juniper Networks Junos OS 12.1X46 versions prior to 12.1X46-D86; 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D497, 15.1X53-D69; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R1-S7, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.3 versions prior to 18.3R1-S3, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-12464
Critical
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: micro focus
Published: 2018-06-29 | Modified: 2024-09-17
CVE-2018-17496
High
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error while in kiosk mode. By visiting the kiosk and typing ctrl+shift+esc, an attacker could exploit this vulnerability to open the task manager to kill the process or launch new processes on the system.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: visitorpass
Published: 2019-03-19 | Modified: 2024-09-17
CVE-2018-3944
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-17
CVE-2018-0005
High
QFX and EX Series switches configured to drop traffic when the MAC move limit is exceeded will forward traffic instead of dropping traffic. This can lead to denials of services or other unintended conditions. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D40; 15.1X53 versions prior to 15.1X53-D55; 15.1 versions prior to 15.1R7.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: juniper networks
Published: 2018-01-10 | Modified: 2024-09-17
CVE-2019-13658
Critical
CA Network Flow Analysis 9.x and 10.0.x have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ca technologies, a broadcom company
Published: 2019-10-02 | Modified: 2024-09-17
CVE-2018-1980
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154078.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-17
CVE-2018-15759
Critical
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perform broker operations.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: pivotal
Published: 2018-11-19 | Modified: 2024-09-17
CVE-2019-11847
High
An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: n/a
Published: 2020-08-21 | Modified: 2024-09-17
CVE-2019-11821
High
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: synology
Published: 2019-06-30 | Modified: 2024-09-17
CVE-2018-1923
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-17
CVE-2018-13285
High
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: synology
Published: 2019-04-01 | Modified: 2024-09-17
CVE-2018-3865
Critical
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-20 | Modified: 2024-09-17
CVE-2018-3871
High
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-17
CVE-2018-1212
High
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-02 | Modified: 2024-09-17
CVE-2019-17338
High
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: tibco software inc.
Published: 2020-01-28 | Modified: 2024-09-17
CVE-2018-1789
High
IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-09-07 | Modified: 2024-09-17
CVE-2019-17095
High
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate an infrastructure server to trigger this vulnerability.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: bitdefender
Published: 2020-01-27 | Modified: 2024-09-17
CVE-2018-4834
Critical
A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: siemens
Published: 2018-01-24 | Modified: 2024-09-17
CVE-2018-1701
High
IBM InfoSphere Information Server 11.7 could allow an authenticated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: ibm
Published: 2019-02-15 | Modified: 2024-09-17
CVE-2018-3951
High
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-17
CVE-2018-3849
High
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-16 | Modified: 2024-09-17
CVE-2018-0018
High
On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected by the SRX Series device. This issue only applies to devices where IDP policies are applied to one or more rules. Customers not using IDP policies are not affected. Depending on if the IDP updates are automatic or not, as well as the interval between available updates, an attacker may have more or less success in performing reconnaissance or bypass attacks on the victim SRX Series device or protected devices. ScreenOS with IDP is not vulnerable to this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX; 12.3X48 versions prior to 12.3X48-D35 on SRX; 15.1X49 versions prior to 15.1X49-D60 on SRX.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx juniper networks
Published: 2018-04-11 | Modified: 2024-09-17
CVE-2018-3845
High
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: hyland software, inc.
Published: 2018-04-26 | Modified: 2024-09-17
CVE-2018-1435
High
IBM Notes 8.5 and 9.0 are vulnerable to a DLL hijacking attack. A remote attacker could trick a user into double-clicking a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: ibm
Published: 2018-03-14 | Modified: 2024-09-17
CVE-2018-1844
High
IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-10-12 | Modified: 2024-09-17
CVE-2018-3933
High
An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-17
CVE-2018-3908
Critical
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: samsung
Published: 2018-08-28 | Modified: 2024-09-17
CVE-2018-17495
High
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Help Dialog. By visiting the kiosk and removing the program from fullscreen, an attacker could exploit this vulnerability using the terminal to launch the command prompt.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: visitorpass
Published: 2019-03-19 | Modified: 2024-09-17
CVE-2018-11081
High
Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM can now file search and find the UAA credentials for Operations Manager on the system disk.
🛡️ CVSS: 7.9 🆕 New Entry
/vendors/: pivotal
Published: 2018-10-05 | Modified: 2024-09-17
CVE-2018-3980
High
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2019-02-06 | Modified: 2024-09-17
CVE-2019-18575
High
Dell Command Configure versions prior to 4.2.1 contain an uncontrolled search path vulnerability. A locally authenticated malicious user could exploit this vulnerability by creating a symlink to a target file, allowing the attacker to overwrite or corrupt a specified file on the system.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: dell
Published: 2019-12-06 | Modified: 2024-09-17
CVE-2019-11684
Critical
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2021-02-26 | Modified: 2024-09-17
CVE-2018-3964
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-17
CVE-2018-3961
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-17
CVE-2019-18897
High
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: suse opensuse
Published: 2020-03-02 | Modified: 2024-09-17
CVE-2018-1711
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-09-21 | Modified: 2024-09-17
CVE-2018-18814
High
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-01-16 | Modified: 2024-09-17
CVE-2018-3848
High
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-16 | Modified: 2024-09-17
CVE-2018-3905
High
An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-15758
Critical
Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
🛡️ CVSS: 9.6 🆕 New Entry
/vendors/: pivotal
Published: 2018-10-18 | Modified: 2024-09-17
CVE-2018-3894
Critical
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-17
CVE-2018-3917
High
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-18590
Critical
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
🛡️ CVSS: 9.6 🆕 New Entry
/vendors/: micro focus
Published: 2018-11-07 | Modified: 2024-09-17
CVE-2019-0033
High
A firewall bypass vulnerability in the proxy ARP service of Juniper Networks Junos OS allows an attacker to cause a high CPU condition leading to a Denial of Service (DoS). This issue affects only IPv4. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D25 prior to 12.1X46-D71, 12.1X46-D73 on SRX Series; 12.3X48 versions prior to 12.3X48-D50 on SRX Series; 15.1X49 versions prior to 15.1X49-D75 on SRX Series.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-04-10 | Modified: 2024-09-17
CVE-2018-3844
High
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: hyland software, inc.
Published: 2018-04-26 | Modified: 2024-09-17
CVE-2018-6498
High
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: micro focus
Published: 2018-08-30 | Modified: 2024-09-17
CVE-2018-1373
High
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 137773.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2018-03-02 | Modified: 2024-09-17
CVE-2018-11061
Critical
RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration of the template engine used in the product. A remote authenticated malicious RSA NetWitness Server user with an Admin or Operator role could exploit this vulnerability to execute arbitrary commands on the server with root privileges.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: dell emc
Published: 2018-08-24 | Modified: 2024-09-17
CVE-2018-3875
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-10 | Modified: 2024-09-17
CVE-2018-3903
Critical
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: talos
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2018-3949
High
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-17
CVE-2018-0049
High
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue requires it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: qfabric system all non-srx series and srx100, srx110, srx210, srx220, srx240m, srx550m srx650, srx300, srx320, srx340, srx345, srx1500, srx4100, srx4200, srx4600 and vsrx qfx5200/qfx5110 juniper networks nfx150, nfx250 qfx10000 series ex2200/vc, ex3200, ex3300/vc, ex4200, ex4300, ex4550/vc, ex4600, ex6200, ex8200/vc (xre), qfx3500, qfx3600, qfx5100 srx100, srx110, srx210, srx220, srx240m, srx550m srx650, srx300, srx320, srx340, srx345, srx1500, srx4100, srx4200, srx4600 and vsrx ex2300/ex3400
Published: 2018-10-10 | Modified: 2024-09-17
CVE-2018-1834
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-11-09 | Modified: 2024-09-17
CVE-2018-3847
High
Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: nasa
Published: 2018-08-01 | Modified: 2024-09-17
CVE-2018-3880
High
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-17
CVE-2019-0043
High
In MPLS environments, receipt of a specific SNMP packet may cause the routing protocol daemon (RPD) process to crash and restart. By continuously sending a specially crafted SNMP packet, an attacker can repetitively crash the RPD process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D48 on EX/QFX series; 15.1 versions prior to 15.1R4-S9, 15.1R7-S2; 15.1F6 versions prior to 15.1F6-S11; 15.1X49 versions prior to 15.1X49-D141, 15.1X49-D144, 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D68 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 15.1X53 versions prior to 15.1X53-D590 on EX2300/EX3400 Series; 15.1X54 on ACX Series; 16.1 versions prior to 16.1R3-S10, 16.1R4-S11, 16.1R6-S5, 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S8, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R1-S1, 18.1R2-S1, 18.1R3; 18.2X75 versions prior to 18.2X75-D10.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ex2300/ex3400 series srx series qfx5200/qfx5110 series qfx10k series ex/qfx series acx series juniper networks nfx series
Published: 2019-04-10 | Modified: 2024-09-17
CVE-2019-18903
High
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: suse opensuse
Published: 2020-03-02 | Modified: 2024-09-17
CVE-2018-3976
High
An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2019-02-06 | Modified: 2024-09-17
CVE-2018-1566
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-07-10 | Modified: 2024-09-17
CVE-2019-0070
High
An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: nfx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2019-0075
High
A vulnerability in the srxpfe process on Protocol Independent Multicast (PIM) enabled SRX series devices may lead to a crash of the srxpfe process and an FPC reboot while processing (PIM) messages. Sustained receipt of these packets may lead to an extended denial of service condition. Affected releases are Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2; 18.3 versions prior to 18.3R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-7685
High
The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: suse
Published: 2018-08-31 | Modified: 2024-09-17
CVE-2018-1542
High
IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 142597.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-07-06 | Modified: 2024-09-17
CVE-2018-18813
High
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-01-16 | Modified: 2024-09-17
CVE-2018-3874
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-17
CVE-2018-3981
High
An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-10-01 | Modified: 2024-09-17
CVE-2018-15761
Critical
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-11-19 | Modified: 2024-09-17
CVE-2018-0050
High
An error handling vulnerability in Routing Protocols Daemon (RPD) of Juniper Networks Junos OS allows an attacker to cause RPD to crash. Continued receipt of this malformed MPLS RSVP packet will cause a sustained Denial of Service condition. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D48 on QFX Switching; 14.2 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4. This issue does not affect versions of Junos OS before 14.1R1. Junos OS RSVP only supports IPv4. IPv6 is not affected by this issue. This issue requires it to be received on an interface configured to receive this type of traffic.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: qfabric system qfx switching juniper networks
Published: 2018-10-10 | Modified: 2024-09-17
CVE-2018-1279
High
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: pivotal
Published: 2018-12-10 | Modified: 2024-09-17
CVE-2018-4055
High
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: talos
Published: 2019-03-08 | Modified: 2024-09-17
CVE-2018-4040
High
An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-17
CVE-2018-0021
High
If all 64 digits of the connectivity association name (CKN) key or all 32 digits of the connectivity association key (CAK) key are not configured, all remaining digits will be auto-configured to 0. Hence, Juniper devices configured with short MacSec keys are at risk to an increased likelihood that an attacker will discover the secret passphrases configured for these keys through dictionary-based and brute-force-based attacks using spoofed packets. Affected releases are Juniper Networks Junos OS: 14.1 versions prior to 14.1R10, 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2; 17.1 versions prior to 17.1R2.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-04-11 | Modified: 2024-09-17
CVE-2018-5429
High
A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-04-17 | Modified: 2024-09-17
CVE-2018-0015
Critical
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. The AppFormix Agent exposes the debug console on a host where AppFormix Agent is executing. If the host is executing AppFormix Agent, an attacker may access the debug console and execute Python commands with root privilege. Affected AppFormix releases are: All versions up to and including 2.7.3; 2.11 versions prior to 2.11.3; 2.15 versions prior to 2.15.2. Juniper SIRT is not aware of any malicious exploitation of this vulnerability, however, the issue has been seen in a production network. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-02-22 | Modified: 2024-09-17
CVE-2018-3972
Critical
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: https://github.com/sabelnikov
Published: 2018-09-26 | Modified: 2024-09-17
CVE-2018-1431
High
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-06-13 | Modified: 2024-09-17
CVE-2018-3859
High
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-17
CVE-2019-0057
High
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager (JDM) application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1, 18.2X75-D5.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: nfx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-17
CVE-2018-0045
High
Receipt of a specific Draft-Rosen MVPN control packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending the same specific Draft-Rosen MVPN control packet, an attacker can repeatedly crash the RPD process causing a prolonged denial of service. This issue may occur when the Junos OS device is configured for Draft-Rosen multicast virtual private network (MVPN). The VPN is multicast-enabled and configured to use Protocol Independent Multicast (PIM) protocol within the VPN. This issue can only be exploited from the PE device within the MPLS domain which is capable of forwarding IP multicast traffic in core. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1F6; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S6, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ex2300/ex3400 series srx series qfx5200/qfx5110 series qfx10k series juniper networks nfx series
Published: 2018-10-10 | Modified: 2024-09-17
CVE-2019-12266
High
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: wyze
Published: 2022-03-30 | Modified: 2024-09-17
CVE-2018-3929
High
An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-17
CVE-2018-5399
Critical
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: armv7 auto-maskin
Published: 2018-10-08 | Modified: 2024-09-17
CVE-2018-12413
High
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-07 | Modified: 2024-09-17
CVE-2019-15791
High
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ubuntu
Published: 2020-04-23 | Modified: 2024-09-17
CVE-2019-17331
High
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-11-12 | Modified: 2024-09-17
CVE-2019-0003
High
When a specific BGP flowspec configuration is enabled and upon receipt of a specific matching BGP packet meeting a specific term in the flowspec configuration, a reachable assertion failure occurs, causing the routing protocol daemon (rpd) process to crash with a core file being generated. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D70 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1 versions prior to 15.1R3; 15.1F versions prior to 15.1F3; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series ex2200/vc, ex3200, ex3300/vc, ex4200, ex4300, ex4550/vc, ex4600, ex6200, ex8200/vc (xre), qfx3500, qfx3600, qfx5100 juniper networks ex2300/ex3400
Published: 2019-01-15 | Modified: 2024-09-17
CVE-2018-3842
High
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-19 | Modified: 2024-09-17
CVE-2019-11205
High
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-05-14 | Modified: 2024-09-17
CVE-2018-4056
Critical
An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: talos
Published: 2019-02-05 | Modified: 2024-09-17
CVE-2018-5199
High
In Veraport G3 ALL on MacOS, due to insufficient domain validation, it is possible to overwrite the installation file with a malicious file. A remote unauthenticated attacker may use this vulnerability to execute an arbitrary file.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: mac os wizvera
Published: 2018-12-20 | Modified: 2024-09-17
CVE-2018-0016
Critical
Receipt of a specially crafted Connectionless Network Protocol (CLNP) datagram destined to an interface of a Junos OS device may result in a kernel crash or lead to remote code execution. Devices are only vulnerable to the specially crafted CLNP datagram if 'clns-routing' or ES-IS is explicitly configured. Devices without CLNS enabled are not vulnerable to this issue. Devices with IS-IS configured on the interface are not vulnerable to this issue unless CLNS routing is also enabled. This issue only affects devices running Junos OS 15.1. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5; 15.1X49 versions prior to 15.1X49-D60; 15.1X53 versions prior to 15.1X53-D66, 15.1X53-D233, 15.1X53-D471. Earlier releases are unaffected by this vulnerability, and the issue has been resolved in Junos OS 16.1R1 and all subsequent releases.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-04-11 | Modified: 2024-09-17
CVE-2018-3978
High
An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-17
CVE-2018-1386
High
IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user with special access to gain root privileges. IBM X-Force ID: 138208.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-03-14 | Modified: 2024-09-16
CVE-2018-1458
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-07-10 | Modified: 2024-09-16
CVE-2018-3998
High
An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-16
CVE-2018-11746
High
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: puppet
Published: 2018-07-03 | Modified: 2024-09-16
CVE-2018-3919
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2018-1547
High
IBM Robotic Process Automation with Automation Anywhere 10.0 could allow a remote attacker to execute arbitrary code on the system, caused by improper output encoding in a CSV export. By persuading a victim to download the CSV export, to open it in Microsoft Excel and to confirm the two security questions, an attacker could exploit this vulnerability to run any command or program on the victim's machine. IBM X-Force ID: 142651.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: ibm
Published: 2018-06-07 | Modified: 2024-09-16
CVE-2018-1756
High
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view information in the back-end database. IBM X-Force ID: 148599.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2018-09-07 | Modified: 2024-09-16
CVE-2019-11278
High
CF UAA versions prior to 74.1.0 allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-09-26 | Modified: 2024-09-16
CVE-2018-8913
High
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: synology
Published: 2019-04-01 | Modified: 2024-09-16
CVE-2018-3994
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-16
CVE-2018-1702
High
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-09-28 | Modified: 2024-09-16
CVE-2019-11603
High
An HTTP Traversal Attack in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-08-21 | Modified: 2024-09-16
CVE-2019-11286
Critical
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: vmware tanzu
Published: 2020-07-31 | Modified: 2024-09-16
CVE-2018-6500
High
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: micro focus
Published: 2018-09-20 | Modified: 2024-09-16
CVE-2019-15792
High
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ubuntu
Published: 2020-04-23 | Modified: 2024-09-16
CVE-2019-18578
Critical
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: dell
Published: 2020-03-13 | Modified: 2024-09-16
CVE-2018-1936
High
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2019-04-03 | Modified: 2024-09-16
CVE-2018-3992
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2018-3939
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2018-0002
High
On SRX Series and MX Series devices with a Service PIC with any ALG enabled, a crafted TCP/IP response packet processed through the device results in memory corruption leading to a flowd daemon crash. Sustained crafted response packets lead to repeated crashes of the flowd daemon which results in an extended Denial of Service condition. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D60 on SRX series; 12.3X48 versions prior to 12.3X48-D35 on SRX series; 14.1 versions prior to 14.1R9 on MX series; 14.2 versions prior to 14.2R8 on MX series; 15.1X49 versions prior to 15.1X49-D60 on SRX series; 15.1 versions prior to 15.1R5-S8, 15.1F6-S9, 15.1R6-S4, 15.1R7 on MX series; 16.1 versions prior to 16.1R6 on MX series; 16.2 versions prior to 16.2R3 on MX series; 17.1 versions prior to 17.1R2-S4, 17.1R3 on MX series. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: srx series mx series juniper networks
Published: 2018-01-10 | Modified: 2024-09-16
CVE-2018-12472
High
An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: suse linux
Published: 2018-10-04 | Modified: 2024-09-16
CVE-2019-15065
Critical
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: hinet
Published: 2019-10-17 | Modified: 2024-09-16
CVE-2018-3907
Critical
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: talos
Published: 2018-08-24 | Modified: 2024-09-16
CVE-2019-0044
High
Receipt of a specific packet on the out-of-band management interface fxp0 may cause the system to crash and restart (vmcore). By continuously sending a specially crafted packet to the fxp0 interface, an attacker can repetitively crash the rpd process causing prolonged Denial of Service (DoS). Affected releases are Juniper Networks SRX5000 Series: 12.1X46 versions prior to 12.1X46-D82; 12.3X48 versions prior to 12.3X48-D80; 15.1X49 versions prior to 15.1X49-D160.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks srx5000 series
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-1588
High
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143501.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-09-25 | Modified: 2024-09-16
CVE-2019-13411
Critical
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: hinet
Published: 2019-10-17 | Modified: 2024-09-16
CVE-2018-1635
High
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-1712
High
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: ibm
Published: 2018-08-16 | Modified: 2024-09-16
CVE-2018-15764
Critical
Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code in the server's JVM.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-09-28 | Modified: 2024-09-16
CVE-2018-3900
Critical
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: yi
Published: 2018-11-01 | Modified: 2024-09-16
CVE-2018-3960
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-16
CVE-2018-0041
Critical
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-5200
High
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: pandora.tv x86, x64
Published: 2018-12-20 | Modified: 2024-09-16
CVE-2019-11253
High
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: kubernetes
Published: 2019-10-17 | Modified: 2024-09-16
CVE-2018-1607
High
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 143797.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-09-25 | Modified: 2024-09-16
CVE-2018-3886
High
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-8925
High
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: synology
Published: 2018-06-08 | Modified: 2024-09-16
CVE-2018-1850
High
IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-10-22 | Modified: 2024-09-16
CVE-2018-5198
High
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allows a remote attacker to cause arbitrary file download and execution. This results in remote code execution.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: mac os wizvera
Published: 2018-12-20 | Modified: 2024-09-16
CVE-2018-1905
High
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-11-26 | Modified: 2024-09-16
CVE-2019-18581
Critical
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this vulnerability to alter the application’s allowable list of OS commands. This may lead to arbitrary OS command execution as the regular user runs the DPA service on the affected system.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: dell
Published: 2020-03-18 | Modified: 2024-09-16
CVE-2018-0051
High
A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-1821
High
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-13 | Modified: 2024-09-16
CVE-2018-3839
High
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cisco systems, inc.
Published: 2018-04-10 | Modified: 2024-09-16
CVE-2018-1897
High
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-11-30 | Modified: 2024-09-16
CVE-2018-11064
High
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result in arbitrary code execution with elevated privileges. No user file systems are directly affected by this vulnerability.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-10-05 | Modified: 2024-09-16
CVE-2018-3943
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-16
CVE-2018-3850
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-23 | Modified: 2024-09-16
CVE-2018-15784
High
Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server's certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: dell
Published: 2019-01-18 | Modified: 2024-09-16
CVE-2019-11855
High
An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2020-08-21 | Modified: 2024-09-16
CVE-2019-0062
High
A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrator's web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series ex series juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2018-3915
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2019-11209
High
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2019-19165
High
AxECM.cab (ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the ActiveX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD (AxECM.cab) allows an attacker to cause a file download to the Windows user's folder and execute it. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD (AxECM.cab) version 1.0.5.0 and later versions on Windows 7/8/10.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: inogard co,,ltd
Published: 2020-04-29 | Modified: 2024-09-16
CVE-2018-12463
High
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: micro focus
Published: 2018-07-12 | Modified: 2024-09-16
CVE-2018-0043
High
Receipt of a specific MPLS packet may cause the routing protocol daemon (RPD) process to crash and restart or may lead to remote code execution. By continuously sending specific MPLS packets, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. This issue affects both IPv4 and IPv6. This issue can only be exploited from within the MPLS domain. End-users connected to the CE device cannot cause this crash. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 14.1X53 versions prior to 14.1X53-D130 on QFabric Series; 15.1F6 versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9 15.1R7; 15.1X49 versions prior to 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S8 16.1R4-S8 16.1R5-S4 16.1R6-S4 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R1-S6 16.2R3; 17.1 versions prior to 17.1R1-S7 17.1R2-S6 17.1R3; 17.2 versions prior to 17.2R1-S6 17.2R2-S3 17.2R3; 17.2X75 versions prior to 17.2X75-D100 17.2X75-D42 17.2X75-D91; 17.3 versions prior to 17.3R1-S4 17.3R2-S2 17.3R3; 17.4 versions prior to 17.4R1-S3 17.4R2. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: qfabric series ex2300/ex3400 series srx series qfx5200/qfx5110 series qfx10k series juniper networks nfx series qfx/ex series
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-7689
High
Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: opensuse
Published: 2018-06-07 | Modified: 2024-09-16
CVE-2018-7687
High
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: micro focus
Published: 2018-05-21 | Modified: 2024-09-16
CVE-2018-3965
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-16
CVE-2018-1002103
High
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: kubernetes
Published: 2018-12-05 | Modified: 2024-09-16
CVE-2019-17094
High
A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: belkin
Published: 2020-01-27 | Modified: 2024-09-16
CVE-2019-18579
High
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's system can obtain read or write access to main memory via a DMA attack during platform boot.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: dell
Published: 2019-12-16 | Modified: 2024-09-16
CVE-2018-0044
Critical
An insecure SSHD configuration in Juniper Device Manager (JDM) and host OS on Juniper NFX Series devices may allow remote unauthenticated access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to "yes". Affected releases are Juniper Networks Junos OS: 18.1 versions prior to 18.1R4 on NFX Series.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: nfx series juniper networks
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-1649
High
IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144655.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: ibm
Published: 2018-10-05 | Modified: 2024-09-16
CVE-2018-3897
Critical
Exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-10 | Modified: 2024-09-16
CVE-2018-1421
High
IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-04-04 | Modified: 2024-09-16
CVE-2018-3967
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-16
CVE-2018-4013
Critical
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: live networks
Published: 2018-10-19 | Modified: 2024-09-16
CVE-2018-1669
High
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 144950.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-09-25 | Modified: 2024-09-16
CVE-2018-5744
High
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: isc
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2018-5553
Critical
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: crestron
Published: 2018-07-10 | Modified: 2024-09-16
CVE-2018-3962
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-16
CVE-2019-18572
High
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: dell
Published: 2019-12-18 | Modified: 2024-09-16
CVE-2019-0066
High
An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2019-11857
Critical
Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: n/a
Published: 2020-08-21 | Modified: 2024-09-16
CVE-2019-18580
Critical
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: dell
Published: 2019-11-26 | Modified: 2024-09-16
CVE-2019-0010
High
An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_logs.0:Jun 8 03:25:24 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 52%. ... Eventually the system runs out of mbufs and the system crashes (fails over) with the error "mbuf exceed". This issue only occurs when HTTP AV inspection is configured. Devices configured for Web Filtering alone are unaffected by this issue. Affected releases are Junos OS on SRX Series: 12.1X46 versions prior to 12.1X46-D81; 12.3X48 versions prior to 12.3X48-D77; 15.1X49 versions prior to 15.1X49-D101, 15.1X49-D110.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2019-0049
High
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a certain sequence of BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. Repeated crashes of the RPD process can cause prolonged Denial of Service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S3; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.2X75 versions prior to 17.2X75-D105; 17.3 versions prior to 17.3R3-S2; 17.4 versions prior to 17.4R1-S7, 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D30; 18.3 versions prior to 18.3R1-S4, 18.3R2. Junos OS releases prior to 16.1R1 are not affected.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-07-11 | Modified: 2024-09-16
CVE-2018-3973
High
An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2019-02-06 | Modified: 2024-09-16
CVE-2019-11289
High
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-11-19 | Modified: 2024-09-16
CVE-2018-1784
High
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-20 | Modified: 2024-09-16
CVE-2018-4038
High
An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-16
CVE-2019-0055
High
A vulnerability in the SIP ALG packet processing service of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific types of valid SIP traffic to the device. In this case, the flowd process crashes and generates a core dump while processing SIP ALG traffic. Continued receipt of these valid SIP packets will result in a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D61, 12.3X48-D65 on SRX Series; 15.1X49 versions prior to 15.1X49-D130 on SRX Series; 17.3 versions prior to 17.3R3 on SRX Series; 17.4 versions prior to 17.4R2 on SRX Series.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2019-11862
High
The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2020-08-21 | Modified: 2024-09-16
CVE-2019-0029
High
Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2018-1722
Critical
IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: ibm
Published: 2018-08-24 | Modified: 2024-09-16
CVE-2018-17487
High
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and signing in as a visitor, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: jolly technologies
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2018-1567
Critical
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ibm
Published: 2018-09-07 | Modified: 2024-09-16
CVE-2018-3923
High
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: computerinsel
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2018-15640
High
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: odoo
Published: 2019-04-09 | Modified: 2024-09-16
CVE-2019-0020
Critical
Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2018-3947
Critical
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: yi
Published: 2018-11-01 | Modified: 2024-09-16
CVE-2018-4020
High
An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: netgate
Published: 2018-12-03 | Modified: 2024-09-16
CVE-2018-11051
High
RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: rsa
Published: 2018-07-03 | Modified: 2024-09-16
CVE-2018-3862
High
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-12 | Modified: 2024-09-16
CVE-2019-15789
High
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: canonical
Published: 2020-04-08 | Modified: 2024-09-16
CVE-2018-1426
High
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-03-22 | Modified: 2024-09-16
CVE-2018-12414
High
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-07 | Modified: 2024-09-16
CVE-2018-5560
Critical
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: practecol, llc
Published: 2019-01-31 | Modified: 2024-09-16
CVE-2019-0022
Critical
Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2018-0037
Critical
Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. By continuously sending crafted BGP NOTIFICATION messages, an attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Due to design improvements, this issue does not affect Junos OS 16.1R1, and all subsequent releases. This issue only affects the receiving BGP device and is non-transitive in nature. Affected releases are Juniper Networks Junos OS: 15.1F5 versions starting from 15.1F5-S7 and all subsequent releases; 15.1F6 versions starting from 15.1F6-S3 and later releases prior to 15.1F6-S10; 15.1F7 versions 15.1 versions starting from 15.1R5 and later releases, including the Service Releases based on 15.1R5 and on 15.1R6 prior to 15.1R6-S6 and 15.1R7;
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2019-18906
Critical
An Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4. SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: suse
Published: 2021-06-30 | Modified: 2024-09-16
CVE-2019-17337
High
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-12-17 | Modified: 2024-09-16
CVE-2019-11290
High
Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat's access file. If the query parameters are used to provide authentication, i.e., credentials, then they will be logged as well.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-11-25 | Modified: 2024-09-16
CVE-2019-13412
Critical
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: hinet
Published: 2019-10-17 | Modified: 2024-09-16
CVE-2018-3928
High
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: yi
Published: 2018-11-01 | Modified: 2024-09-16
CVE-2019-0019
High
When BGP tracing is enabled an incoming BGP message may cause the Junos OS routing protocol daemon (rpd) process to crash and restart. While rpd restarts after a crash, repeated crashes can result in an extended DoS condition. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9, 16.2R3; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3-S1; 17.3 versions prior to 17.3R3-S3, 17.3R3-S4, 17.3R4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3, 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4, 18.1R4; 18.2 versions prior to 18.2R2-S2, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect Junos releases prior to 16.1R1.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-17492
High
EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: hid global
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2018-0052
High
If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command allows a privileged Junos user to enable RSH service and disable PAM, and hence expose the system to unauthenticated root access. When RSH is enabled, the device is listening for RSH connections on port 514. This issue is not exploitable on platforms where Junos release is based on FreeBSD 10+. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77 on SRX Series; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D75 on SRX Series; 14.1X53 versions prior to 14.1X53-D47 on QFX/EX Series; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140 on SRX Series; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400 Series; 15.1X53 versions prior to 15.1X53-D67 on QFX10K Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX Series; 16.1 versions prior to 16.1R3-S9, 16.1R4-S9, 16.1R5-S4, 16.1R6-S4, 16.1R7; 16.2 versions prior to 16.2R2-S5; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D110, 17.2X75-D91; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.2X75 versions prior to 18.2X75-D5.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: ex2300/ex3400 series srx series qfx5200/qfx5110 series qfx10k series juniper networks nfx series qfx/ex series
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-12416
High
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-13 | Modified: 2024-09-16
CVE-2019-0060
High
The flowd process, responsible for forwarding traffic in SRX Series services gateways, may crash and restart when processing specific transit IP packets through an IPSec tunnel. Continued processing of these packets may result in an extended Denial of Service (DoS) condition. This issue only occurs when IPSec tunnels are configured. Systems without IPSec tunnel configurations are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180 on SRX Series; 18.2 versions 18.2R2-S1 and later, prior to 18.2R3 on SRX Series; 18.4 versions prior to 18.4R2 on SRX Series.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2019-0036
High
When configuring a stateless firewall filter in Junos OS, terms named using the format "internal-n" (e.g. "internal-1", "internal-2", etc.) are silently ignored. No warning is issued during configuration, and the config is committed without error, but the filter criteria will match all packets leading to unexpected results. Affected releases are Juniper Networks Junos OS: All versions prior to and including 12.3; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D161, 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496, 15.1X53-D69; 16.1 versions prior to 16.1R7-S4, 16.1R7-S5; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S7, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S4; 18.2 versions prior to 18.2R1-S5, 18.2R2-S1; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3; 18.4 versions prior to 18.4R1-S1, 18.4R1-S2.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: juniper networks
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-17491
High
EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By visiting the kiosk and typing "esc" to exit the program, an attacker could exploit this vulnerability to perform unauthorized actions on the computer.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: hid global
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2019-0021
High
On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing an authenticated local user to view this secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2019-11277
High
Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-09-23 | Modified: 2024-09-16
CVE-2018-3872
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2019-11480
High
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: canonical
Published: 2020-04-14 | Modified: 2024-09-16
CVE-2019-0031
High
Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. Once started, memory consumption will eventually impact any IPv4 or IPv6 request serviced by the jdhcpd daemon, thus creating a Denial of Service (DoS) condition to clients requesting and not receiving IP addresses. Additionally, some clients which were previously holding IPv6 addresses will not have their IPv6 Identity Association (IA) address and network tables agreed upon by the jdhcpd daemon after the failover event occurs, which leads to more than one interface, and multiple IP addresses, being denied on the client. Affected releases are Juniper Networks Junos OS: 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: juniper networks
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-8929
High
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: synology
Published: 2018-07-06 | Modified: 2024-09-16
CVE-2018-1595
High
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2019-17332
High
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-11-12 | Modified: 2024-09-16
CVE-2018-5383
High
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: apple android open source project
Published: 2018-08-07 | Modified: 2024-09-16
CVE-2018-1802
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path, potentially giving a low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-11-09 | Modified: 2024-09-16
CVE-2018-3925
High
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2018-1245
Critical
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: rsa
Published: 2018-07-13 | Modified: 2024-09-16
CVE-2019-11203
High
The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-04-24 | Modified: 2024-09-16
CVE-2018-1710
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by a buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-1920
High
IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-07 | Modified: 2024-09-16
CVE-2018-12415
High
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-07 | Modified: 2024-09-16
CVE-2019-11061
Critical
A broken access control vulnerability in HG100 firmware versions up to 4.00.06 allows an attacker in the same local area network to control IoT devices that connect with itself via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: asus
Published: 2019-08-29 | Modified: 2024-09-16
CVE-2019-12254
Critical
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to an unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: tecson gok
Published: 2022-05-06 | Modified: 2024-09-16
CVE-2018-12465
Critical
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: micro focus
Published: 2018-06-29 | Modified: 2024-09-16
CVE-2018-3870
High
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-16
CVE-2018-1846
High
IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-11-02 | Modified: 2024-09-16
CVE-2018-5378
High
The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: quagga
Published: 2018-02-19 | Modified: 2024-09-16
CVE-2018-3904
Critical
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-27 | Modified: 2024-09-16
CVE-2019-17330
High
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-11-12 | Modified: 2024-09-16
CVE-2018-3873
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-1978
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 154069.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-16
CVE-2018-1744
High
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: ibm
Published: 2018-10-15 | Modified: 2024-09-16
CVE-2018-1647
High
IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2018-10-05 | Modified: 2024-09-16
CVE-2018-0048
High
A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue only affects devices with JET support running Junos OS 17.2R1 and subsequent releases. Other versions of Junos OS are unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R1-S5, 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3;
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-17954
Critical
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: suse
Published: 2020-04-03 | Modified: 2024-09-16
CVE-2018-1851
High
IBM WebSphere Application Server Liberty OpenID Connect could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization. By sending a specially-crafted request to the RP service, an attacker could exploit this vulnerability to execute arbitrary code. IBM X-Force ID: 150999.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: ibm
Published: 2018-10-31 | Modified: 2024-09-16
CVE-2018-0012
High
Junos Space is affected by a privilege escalation vulnerability that may allow a local authenticated attacker to gain root privileges.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-01-10 | Modified: 2024-09-16
CVE-2018-13296
High
Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: synology
Published: 2019-04-01 | Modified: 2024-09-16
CVE-2018-0020
High
Junos OS may be impacted by the receipt of a malformed BGP UPDATE which can lead to a routing process daemon (rpd) crash and restart. Receipt of repeated malformed BGP UPDATEs can result in an extended denial of service condition for the device. This malformed BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D130 on SRX; 15.1X53 versions prior to 15.1X53-D66 on QFX10K; 15.1X53 versions prior to 15.1X53-D58 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D47; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R2-S3, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2-S1, 17.2R3; 17.2X75 versions prior to 17.2X75-D70; 13.2 versions above and including 13.2R1. Versions prior to 13.2R1 are not affected. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: qfx10k qfx5200/qfx5110 juniper networks nfx srx ex2300/ex3400
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-1721
High
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or cause the web server to make HTTP requests to arbitrary domains. IBM X-Force ID: 147369.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: ibm
Published: 2019-11-09 | Modified: 2024-09-16
CVE-2019-15794
High
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ubuntu
Published: 2020-04-23 | Modified: 2024-09-16
CVE-2019-17444
Critical
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: jfrog
Published: 2020-10-12 | Modified: 2024-09-16
CVE-2018-5435
Critical
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.
🛡️ CVSS: 9.6 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-06-27 | Modified: 2024-09-16
CVE-2018-18807
High
The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-26 | Modified: 2024-09-16
CVE-2018-3966
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-16
CVE-2018-18808
High
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-03-07 | Modified: 2024-09-16
CVE-2018-1437
High
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search paths. A local attacker could exploit this vulnerability through DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: ibm
Published: 2018-03-14 | Modified: 2024-09-16
CVE-2018-1774
High
IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to CSV injection via the developer portal and analytics that could contain malicious commands that would be executed once opened by an administrator. IBM X-Force ID: 148692.
🛡️ CVSS: 8.9 🆕 New Entry
/vendors/: ibm
Published: 2018-11-09 | Modified: 2024-09-16
CVE-2019-0052
High
The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-07-11 | Modified: 2024-09-16
CVE-2018-13280
High
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: synology
Published: 2018-07-30 | Modified: 2024-09-16
CVE-2019-11823
High
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: synology
Published: 2020-05-04 | Modified: 2024-09-16
CVE-2018-1634
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-12468
Critical
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: micro focus
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2019-0006
Critical
A certain crafted HTTP packet can trigger an uninitialized function pointer dereference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. This issue only occurs when the crafted packet is destined to the device. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D47 on EX and QFX Virtual Chassis Platforms; 15.1 versions prior to 15.1R7-S3 on all Virtual Chassis Platforms; 15.1X53 versions prior to 15.1X53-D50 on EX and QFX Virtual Chassis Platforms.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ex virtual chassis platforms, qfx virtual chassis platforms, mx virtual chassis platforms ex virtual chassis platforms, qfx virtual chassis platforms juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2019-11280
High
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. A remote authenticated user can gain additional privileges by inviting themselves to spaces that they should not have access to.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: pivotal
Published: 2019-09-20 | Modified: 2024-09-16
CVE-2018-1243
High
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-02 | Modified: 2024-09-16
CVE-2019-11210
Critical
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-09-18 | Modified: 2024-09-16
CVE-2018-4039
High
An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-12-01 | Modified: 2024-09-16
CVE-2019-0053
High
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: juniper networks
Published: 2019-07-11 | Modified: 2024-09-16
CVE-2018-0030
High
Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1, FPC-P2) line cards or PTX1K to crash and restart. By continuously sending specific MPLS packets, an attacker can repeatedly crash the line cards or PTX1K causing a sustained Denial of Service. Affected releases are Juniper Networks Junos OS with MPC7/8/9 or PTX-FPC3 (FPC-P1, FPC-P2) installed and PTX1K: 15.1F versions prior to 15.1F6-S10; 15.1 versions prior to 15.1R4-S9, 15.1R6-S6, 15.1R7; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.1X65 versions prior to 16.1X65-D46; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S4, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D70, 17.2X75-D90; 17.3 versions prior to 17.3R1-S4, 17.3R2, 17.4 versions prior to 17.4R1-S2, 17.4R2. Refer to KB25385 for more information about PFE line cards.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-3930
High
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-11059
High
RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-24 | Modified: 2024-09-16
CVE-2018-1780
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: ibm
Published: 2018-11-09 | Modified: 2024-09-16
CVE-2018-0022
High
A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform:
> show system buffers
2437/3143/5580 mbufs in use (current/cache/total)
Once the device runs out of mbufs it will become inaccessible and a restart will be required. This issue only affects end devices, transit devices are not affected. Affected releases are Juniper Networks Junos OS with VPLS configured running: 12.1X46 versions prior to 12.1X46-D76; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D47; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D58 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471 on NFX; 15.1X53 versions prior to 15.1X53-D66 on QFX10; 16.1 versions prior to 16.1R3-S8, 16.1R4-S6, 16.1R5; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R1-S5, 17.2R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ex2300/ex3400 qfx5200/qfx5110 juniper networks nfx qfx10
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-1417
High
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: ibm
Published: 2018-02-22 | Modified: 2024-09-16
CVE-2018-1264
Critical
Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case, if this client is an admin, the attacker would gain complete control over the Foundation.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-10-05 | Modified: 2024-09-16
CVE-2018-1633
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-3881
Critical
An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. An unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: focalscope
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2018-15796
High
Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing them complete read and write access to the Bits Service storage.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-11-09 | Modified: 2024-09-16
CVE-2019-12805
High
NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow a remote attacker to execute an arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ncsoft
Published: 2019-08-09 | Modified: 2024-09-16
CVE-2018-3984
High
An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-16
CVE-2018-8926
High
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: synology
Published: 2018-06-08 | Modified: 2024-09-16
CVE-2018-1695
High
IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: ibm
Published: 2018-09-06 | Modified: 2024-09-16
CVE-2018-1515
High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-05-25 | Modified: 2024-09-16
CVE-2019-0037
High
In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: juniper networks
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-3997
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2018-15762
Critical
Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: pivotal cloud foundry
Published: 2018-11-02 | Modified: 2024-09-16
CVE-2019-11292
High
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: pivotal
Published: 2020-01-08 | Modified: 2024-09-16
CVE-2018-15763
Critical
Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these credentials.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: pivotal
Published: 2018-10-05 | Modified: 2024-09-16
CVE-2018-5196
High
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, an attacker could execute arbitrary code.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: estsoft x86, x64
Published: 2018-12-21 | Modified: 2024-09-16
CVE-2018-1469
Critical
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ibm
Published: 2018-04-04 | Modified: 2024-09-16
CVE-2018-3959
High
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit
Published: 2018-10-02 | Modified: 2024-09-16
CVE-2018-3916
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-08-28 | Modified: 2024-09-16
CVE-2018-3911
High
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2019-17334
High
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-12-17 | Modified: 2024-09-16
CVE-2018-3861
High
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-12 | Modified: 2024-09-16
CVE-2018-8919
High
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: synology
Published: 2018-12-24 | Modified: 2024-09-16
CVE-2018-3902
Critical
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2019-0056
High
This issue only affects devices with three (3) or more MPC10's installed in a single chassis with OSPF enabled and configured on the device. An Insufficient Resource Pool weakness allows an attacker to cause the device's Open Shortest Path First (OSPF) states to transition to Down, resulting in a Denial of Service (DoS) attack. This attack requires a relatively large number of specific Internet Mixed (IMIXed) types of genuine and valid IPv6 packets to be transferred by the attacker in a relatively short period of time, across three or more PFE's on the device at the same time. Continued receipt of the traffic sent by the attacker will continue to cause OSPF to remain in the Down starting state, or flap between other states and then again to Down, causing a persistent Denial of Service. This attack will affect all IPv4, and IPv6 traffic served by the OSPF routes once the OSPF states transition to Down. This issue affects: Juniper Networks Junos OS on MX480, MX960, MX2008, MX2010, MX2020: 18.1 versions prior to 18.1R2-S4, 18.1R3-S5; 18.1X75 version 18.1X75-D10 and later versions; 18.2 versions prior to 18.2R1-S5, 18.2R2-S3, 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R1-S4, 18.3R2, 18.3R3; 18.4 versions prior to 18.4R1-S2, 18.4R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mx480, mx960, mx2008, mx2010, mx2020 juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2018-3940
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2018-1524
High
IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-08-03 | Modified: 2024-09-16
CVE-2018-12470
Critical
A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: suse linux
Published: 2018-10-04 | Modified: 2024-09-16
CVE-2019-18898
High
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: suse opensuse
Published: 2020-01-23 | Modified: 2024-09-16
CVE-2018-15797
High
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote authenticated user with access to BOSH can obtain the admin credentials for the Cloud Foundry Platform through the logs of the NFS volume deploy errand.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-12-05 | Modified: 2024-09-16
CVE-2018-3863
Critical
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2018-3921
High
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: computerinsel
Published: 2018-08-01 | Modified: 2024-09-16
CVE-2018-5732
High
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: isc
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2019-11063
Critical
A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, iOS versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) via http://[target]/smarthome/devicecontrol without any authentication. CVSS 3.0 base score 10 (Confidentiality, Integrity and Availability impacts). CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: asus
Published: 2019-08-29 | Modified: 2024-09-16
CVE-2018-1618
High
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 144343.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: ibm
Published: 2019-04-02 | Modified: 2024-09-16
CVE-2018-3975
High
An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor version 3.2.6. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-16
CVE-2019-11891
High
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: bosch
Published: 2019-05-29 | Modified: 2024-09-16
CVE-2018-6661
High
DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mcafee
Published: 2018-04-02 | Modified: 2024-09-16
CVE-2018-0032
High
The receipt of a crafted BGP UPDATE can lead to a routing process daemon (RPD) crash and restart. Repeated receipt of the same crafted BGP UPDATE can result in an extended denial of service condition for the device. This issue only affects the specific versions of Junos OS listed within this advisory. Earlier releases are unaffected by this vulnerability. This crafted BGP UPDATE does not propagate to other BGP peers. Affected releases are Juniper Networks Junos OS: 16.1X65 versions prior to 16.1X65-D47; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D110; 17.3 versions prior to 17.3R1-S4, 17.3R2; 17.4 versions prior to 17.4R1-S3, 17.4R2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-13283
High
Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: synology
Published: 2019-04-01 | Modified: 2024-09-16
CVE-2018-1656
High
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2018-08-20 | Modified: 2024-09-16
CVE-2018-1745
High
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2018-10-11 | Modified: 2024-09-16
CVE-2018-5400
Critical
The Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. The originating device sends a message in plaintext, 48:65:6c:6c:6f:20:57:6f:72:6c:64, "Hello World" over UDP ports 44444-44446 to the broadcast address for the LAN. Without verification devices respond to any of these broadcast messages on the LAN with a plaintext reply over UDP containing the device model and firmware version. Following this exchange the devices allow Modbus transmissions between the two devices on the standard Modbus port 502 TCP. Impact: An attacker can exploit this vulnerability to send arbitrary messages to any DCU or RP device through spoofing or replay attacks as long as they have access to the network. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: armv7 android auto-maskin
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2018-3938
Critical
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: talos
Published: 2018-08-14 | Modified: 2024-09-16
CVE-2018-3852
High
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: talos
Published: 2018-06-06 | Modified: 2024-09-16
CVE-2018-1730
High
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-05 | Modified: 2024-09-16
CVE-2019-11829
High
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: synology
Published: 2019-06-30 | Modified: 2024-09-16
CVE-2018-1251
High
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. The attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: dell emc
Published: 2018-09-28 | Modified: 2024-09-16
CVE-2018-12411
High
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-11-07 | Modified: 2024-09-16
CVE-2018-3858
High
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-16
CVE-2018-1632
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-3945
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2019-11601
Critical
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: n/a
Published: 2019-08-21 | Modified: 2024-09-16
CVE-2018-18816
High
The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-03-07 | Modified: 2024-09-16
CVE-2018-5740
High
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: isc
Published: 2019-01-16 | Modified: 2024-09-16
CVE-2019-0071
High
Veriexec is a kernel-based file integrity subsystem in Junos OS that ensures only authorized binaries are able to be executed. Due to a flaw in specific versions of Junos OS, affecting specific EX Series platforms, the Veriexec subsystem will fail to initialize, in essence disabling file integrity checking. This may allow a locally authenticated user with shell access to install untrusted executable images, and elevate privileges to gain full control of the system. During the installation of an affected version of Junos OS, the following messages will be logged to the console:
Initializing Verified Exec:
/sbin/veriexec: Undefined symbol "__aeabi_uidiv"
/sbin/veriexec: Undefined symbol "__aeabi_uidiv"
/sbin/veriexec: Undefined symbol "__aeabi_uidiv"
veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/brcm-hr3.dtb: Authentication error
veriexec: /.mount/packages/db/os-kernel-prd-arm-32-20190221.70c2600_builder_stable_11/boot/contents.izo: Authentication error
...
This issue affects Juniper Networks Junos OS: 18.1R3-S4 on EX2300, EX2300-C and EX3400; 18.3R1-S3 on EX2300, EX2300-C and EX3400.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: juniper networks ex2300, ex2300-c, ex3400
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2018-3860
High
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: acd systems
Published: 2018-07-19 | Modified: 2024-09-16
CVE-2018-3887
High
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-5735
High
The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1. No ISC releases are affected. Other packages from other distributions that did similar backports for the fix for 2017-3137 may also be affected.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: debian
Published: 2019-10-30 | Modified: 2024-09-16
CVE-2019-11293
High
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: cloud foundry
Published: 2019-12-06 | Modified: 2024-09-16
CVE-2018-0040
Critical
Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-1600
High
IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: ibm
Published: 2018-06-04 | Modified: 2024-09-16
CVE-2018-4010
High
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-09-07 | Modified: 2024-09-16
CVE-2019-11204
Critical
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-05-14 | Modified: 2024-09-16
CVE-2018-3856
Critical
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2018-6504
High
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: micro focus
Published: 2018-09-20 | Modified: 2024-09-16
CVE-2019-11060
High
The web API server on port 8080 of ASUS HG100 firmware up to 1.05.12 is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: asus
Published: 2019-08-29 | Modified: 2024-09-16
CVE-2019-0058
High
A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS allows an attacker to fully compromise the host system. A local authenticated user can elevate privileges to gain full control of the system even if they are specifically denied access to perform certain actions. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D80 on SRX Series.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2018-15781
High
The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard-coded private key and decrypt locally stored cipher text.
🛡️ CVSS: 7.9 🆕 New Entry
/vendors/: dell
Published: 2019-02-13 | Modified: 2024-09-16
CVE-2018-1636
High
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-5428
High
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-06-20 | Modified: 2024-09-16
CVE-2018-3888
High
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-3914
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-17497
High
eVisitorPass contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: visitorpass
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2018-3995
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-03 | Modified: 2024-09-16
CVE-2019-11892
High
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: bosch
Published: 2019-05-29 | Modified: 2024-09-16
CVE-2018-8914
High
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: synology
Published: 2018-05-10 | Modified: 2024-09-16
CVE-2018-1973
High
IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'API Administrator' level access to give themselves full 'Administrator' level access through the members functionality. IBM X-Force ID: 153914.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: ibm
Published: 2018-12-20 | Modified: 2024-09-16
CVE-2018-17488
High
Lobby Track Desktop could allow a local attacker to gain elevated privileges on the system, caused by an error in the printer dialog. By visiting the kiosk and accessing the print badge screen, an attacker could exploit this vulnerability using the command line to break out of kiosk mode.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: jolly technologies
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2018-0047
High
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: juniper networks
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-1630
High
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: ibm
Published: 2019-08-20 | Modified: 2024-09-16
CVE-2018-3952
High
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-09-07 | Modified: 2024-09-16
CVE-2018-1738
High
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-10-11 | Modified: 2024-09-16
CVE-2018-5402
Critical
The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN. Impact: An attacker, once authenticated, can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: armv7 auto-maskin
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2018-17953
High
An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: suse
Published: 2018-11-27 | Modified: 2024-09-16
CVE-2018-3889
High
A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-04-12 | Modified: 2024-09-16
CVE-2018-13284
High
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: synology
Published: 2019-04-01 | Modified: 2024-09-16
CVE-2018-3866
Critical
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-08-23 | Modified: 2024-09-16
CVE-2018-1875
High
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: ibm
Published: 2019-03-05 | Modified: 2024-09-16
CVE-2018-4000
High
An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the atlantis word processor team
Published: 2018-10-01 | Modified: 2024-09-16
CVE-2018-3906
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-3877
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-4054
Critical
A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: talos
Published: 2019-03-08 | Modified: 2024-09-16
CVE-2018-12410
Critical
The web server component of TIBCO Software Inc.'s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services versions up to and including 7.11.0.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: tibco software inc.
Published: 2018-10-10 | Modified: 2024-09-16
CVE-2018-1571
High
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 143121.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-09-11 | Modified: 2024-09-16
CVE-2018-3941
High
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: foxit software
Published: 2018-10-08 | Modified: 2024-09-16
CVE-2019-0028
High
On Junos devices with the BGP graceful restart helper mode enabled or the BGP graceful restart mechanism enabled, a BGP session restart on a remote peer that has the graceful restart mechanism enabled may cause the local routing protocol daemon (RPD) process to crash and restart. By simulating a specific BGP session restart, an attacker can repeatedly crash the RPD process causing prolonged denial of service (DoS). Graceful restart helper mode for BGP is enabled by default. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7; 16.1X65 versions prior to 16.1X65-D48; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R3; 17.2X75 versions prior to 17.2X75-D92, 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S4, 17.4R2; 18.1 versions prior to 18.1R2. Junos OS releases prior to 16.1R1 are not affected.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: juniper networks
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-17490
High
EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: hid global
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2018-15756
High
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: pivotal
Published: 2018-10-18 | Modified: 2024-09-16
CVE-2018-1457
High
An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: ibm
Published: 2018-06-27 | Modified: 2024-09-16
CVE-2018-1640
High
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2019-04-02 | Modified: 2024-09-16
CVE-2018-1727
High
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2019-02-15 | Modified: 2024-09-16
CVE-2018-11060
High
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-24 | Modified: 2024-09-16
CVE-2018-0017
High
A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx series juniper networks
Published: 2018-04-11 | Modified: 2024-09-16
CVE-2018-3932
High
An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: antenna house
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-1244
High
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: dell emc
Published: 2018-07-02 | Modified: 2024-09-16
CVE-2018-3876
Critical
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-21 | Modified: 2024-09-16
CVE-2018-1453
High
IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-06-08 | Modified: 2024-09-16
CVE-2018-17493
High
eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Fullscreen button. By visiting the kiosk and clicking the full screen button in the bottom right, an attacker could exploit this vulnerability to close the program and launch other processes on the system.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: visitorpass
Published: 2019-03-19 | Modified: 2024-09-16
CVE-2019-15066
Critical
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary commands through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: hinet
Published: 2019-10-17 | Modified: 2024-09-16
CVE-2018-15795
High
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: pivotal cloud foundry
Published: 2018-11-13 | Modified: 2024-09-16
CVE-2018-1974
High
IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. IBM X-Force ID: 153915.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: ibm
Published: 2019-03-11 | Modified: 2024-09-16
CVE-2018-1460
High
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-06-15 | Modified: 2024-09-16
CVE-2018-3896
Critical
Exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: samsung
Published: 2018-09-10 | Modified: 2024-09-16
CVE-2019-0050
High
Under certain heavy traffic conditions, the srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: srx1500 juniper networks
Published: 2019-10-09 | Modified: 2024-09-16
CVE-2019-11826
High
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: synology
Published: 2019-06-30 | Modified: 2024-09-16
CVE-2018-3955
High
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: linksys
Published: 2018-10-17 | Modified: 2024-09-16
CVE-2018-3835
High
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid, and its use can lead to a buffer overflow, potentially resulting in code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: talos
Published: 2018-01-29 | Modified: 2024-09-16
CVE-2019-19756
High
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.
🛡️ CVSS: 7.9 🆕 New Entry
/vendors/: lenovo
Published: 2020-03-13 | Modified: 2024-09-16
CVE-2018-1941
High
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. IBM X-Force ID: 153382.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: ibm
Published: 2018-12-05 | Modified: 2024-09-16
CVE-2019-10761
High
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and execute arbitrary code.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2022-07-13 | Modified: 2024-09-16
CVE-2019-18573
High
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to the victim’s session and perform arbitrary actions with the privileges of the user within the compromised session.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: dell
Published: 2019-12-18 | Modified: 2024-09-16
CVE-2018-0024
High
An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions prior to 12.3X48-D20 on SRX Series; 12.3 versions prior to 12.3R11 on EX Series; 14.1X53 versions prior to 14.1X53-D30 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 15.1X49 versions prior to 15.1X49-D20 on SRX Series.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: srx series ex2200/vc, ex3200, ex3300/vc, ex4200, ex4300, ex4550/vc, ex4600, ex6200, ex8200/vc (xre), qfx3500, qfx3600, qfx5100 ex series juniper networks
Published: 2018-07-11 | Modified: 2024-09-16
CVE-2018-6486
High
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: micro focus
Published: 2018-02-02 | Modified: 2024-09-16
CVE-2018-1792
High
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: ibm
Published: 2018-11-13 | Modified: 2024-09-16
CVE-2019-0007
Critical
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F5 on vMX Series.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: juniper networks vmx series
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2019-0008
Critical
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases of Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S2, 17.3R4; 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1, 18.1R4; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: qfx5000 series, ex4300, ex4600 juniper networks qfx5000 series, ex4300, ex4600
Published: 2019-04-10 | Modified: 2024-09-16
CVE-2018-6662
High
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mcafee
Published: 2018-06-05 | Modified: 2024-09-16
CVE-2019-0004
High
On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: juniper networks
Published: 2019-01-15 | Modified: 2024-09-16
CVE-2018-7688
High
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: opensuse
Published: 2018-06-07 | Modified: 2024-09-16
CVE-2018-3937
Critical
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: talos
Published: 2018-08-14 | Modified: 2024-09-16
CVE-2018-1424
High
IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: ibm
Published: 2018-12-07 | Modified: 2024-09-16
CVE-2018-18815
Critical
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: tibco software inc.
Published: 2019-03-07 | Modified: 2024-09-16
CVE-2018-1002105
Critical
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: kubernetes
Published: 2018-12-05 | Modified: 2024-08-05
CVE-2018-21268
Critical
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2020-06-25 | Modified: 2024-08-05
CVE-2018-21205
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21217
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21226
High
Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21216
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21202
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21222
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21212
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21221
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21223
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21220
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21170
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21211
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21215
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21204
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21210
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21206
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21203
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6100 before 1.0.1.20, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21214
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21169
High
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21161
High
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21218
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21224
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21219
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21208
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21153
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21213
High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21207
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.56, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-28 | Modified: 2024-08-05
CVE-2018-21162
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21158
High
NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21160
High
NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21138
High
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21139
High
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 before 1.0.1.68, D7000v2 before 1.0.0.51, D7800 before 1.0.1.42, D8500 before 1.0.3.42, DC112A before 1.0.0.40, DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, JNR1010v2 before 1.1.0.54, JR6150 before 1.0.1.18, JWNR2010v5 before 1.1.0.54, PR2000 before 1.0.0.24, R6020 before 1.0.0.34, R6050 before 1.0.1.18, R6080 before 1.0.0.34, R6100 before 1.0.1.22, R6120 before 1.0.0.42, R6220 before 1.1.0.68, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R6700 before 1.0.1.48, R6700v2 before 1.2.0.24, R6800 before 1.2.0.24, R6900 before 1.0.1.48, R6900P before 1.3.1.44, R6900v2 before 1.2.0.24, R7000 before 1.0.9.34, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R7500 before 1.0.0.124, R7500v2 before 1.0.3.38, R7900 before 1.0.2.16, R7900P before 1.4.1.24, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN3000RP before 1.0.0.68, WN3000RPv2 before 1.0.0.68, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.102, WNDR3700v5 before 1.1.0.54, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR1000v4 before 1.1.0.54, WNR2020 before 1.1.0.54, WNR2050 before 1.1.0.54, and WNR3500Lv2 before 1.2.0.54.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21140
High
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-21 | Modified: 2024-08-05
CVE-2018-21137
High
Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21131
High
Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21125
High
NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21117
High
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21118
High
NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21128
High
Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21101
High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21132
High
Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21123
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21115
High
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21127
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21133
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21116
High
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21113
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21130
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21121
High
Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21124
High
NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21126
High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21102
High
NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-23 | Modified: 2024-08-05
CVE-2018-21094
High
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21099
High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21100
High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21129
High
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2018-21097
High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2020-04-27 | Modified: 2024-08-05
CVE-2018-21035
High
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: n/a
Published: 2020-02-28 | Modified: 2024-08-05
CVE-2018-19879
High
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-03-28 | Modified: 2024-08-05
CVE-2018-19276
Critical
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2019-03-17 | Modified: 2024-08-05
CVE-2018-16877
High
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: clusterlabs
Published: 2019-04-18 | Modified: 2024-08-05
CVE-2018-16879
High
Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead to a data leak of sensitive information such as passwords as well as denial of service attacks by deleting projects or inventory files.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: [unknown]
Published: 2019-01-03 | Modified: 2024-08-05
CVE-2018-16853
High
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-11-28 | Modified: 2024-08-05
CVE-2018-16858
High
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2019-03-25 | Modified: 2024-08-05
CVE-2018-16863
High
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: artifex
Published: 2018-12-03 | Modified: 2024-08-05
CVE-2018-16860
High
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: samba
Published: 2019-07-31 | Modified: 2024-08-05
CVE-2018-16850
High
postgresql before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: the postgresql project
Published: 2018-11-13 | Modified: 2024-08-05
CVE-2018-16855
High
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-12-03 | Modified: 2024-08-05
CVE-2018-16861
High
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: the foreman project
Published: 2018-12-07 | Modified: 2024-08-05
CVE-2018-16857
High
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: [unknown]
Published: 2018-11-28 | Modified: 2024-08-05
CVE-2018-16873
High
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it's possible to arrange things so that a Git repository is cloned to a folder named ".git" by using a vanity import path that ends with "/.git". If the Git repository root contains a "HEAD" file, a "config" file, an "objects" directory, a "refs" directory, with some work to ensure the proper ordering of operations, "go get -u" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running "go get -u".
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-12-14 | Modified: 2024-08-05
CVE-2018-16871
High
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: red hat
Published: 2019-07-30 | Modified: 2024-08-05
CVE-2018-16845
High
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the "mp4" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: [unknown]
Published: 2018-11-07 | Modified: 2024-08-05
CVE-2018-16837
High
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations, such as passphrase credentials passed as a parameter to the ssh-keygen executable being shown in clear text to every user who has access just to the process list.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-10-23 | Modified: 2024-08-05
CVE-2018-16556
High
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via PROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected devices to go into defect mode. Manual reboot is required to resume normal operation. Successful exploitation requires an attacker to be able to send specially crafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi Point Interfaces (MPI). No user interaction and no user privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2018-12-13 | Modified: 2024-08-05
CVE-2018-16557
High
A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a denial of service condition of the core functionality of the CPU, compromising the availability of the system.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: siemens
Published: 2018-12-13 | Modified: 2024-08-05
CVE-2018-15645
High
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: odoo
Published: 2020-12-22 | Modified: 2024-08-05
CVE-2018-15612
High
A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: avaya
Published: 2018-09-21 | Modified: 2024-08-05
CVE-2018-15632
High
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: odoo
Published: 2020-12-22 | Modified: 2024-08-05
CVE-2018-15634
High
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: odoo
Published: 2020-12-22 | Modified: 2024-08-05
CVE-2018-15638
High
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: odoo
Published: 2020-12-22 | Modified: 2024-08-05
CVE-2018-15615
High
A vulnerability in the Supervisor component of Avaya Call Management System allows a local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected versions of CMS Supervisor include R17.0.x and R18.0.x.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: avaya
Published: 2018-09-24 | Modified: 2024-08-05
CVE-2018-15633
High
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: odoo
Published: 2020-12-22 | Modified: 2024-08-05
CVE-2018-15616
Critical
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform include 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: avaya
Published: 2018-10-17 | Modified: 2024-08-05
CVE-2018-15613
High
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: avaya
Published: 2018-09-21 | Modified: 2024-08-05
CVE-2018-15610
High
A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: avaya
Published: 2018-09-12 | Modified: 2024-08-05
CVE-2018-14638
High
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: fedora project
Published: 2018-09-14 | Modified: 2024-08-05
CVE-2018-14649
Critical
It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as the user executing the application which is using python-werkzeug with debug shell mode enabled. In Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-10-09 | Modified: 2024-08-05
CVE-2018-14632
High
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: red hat
Published: 2018-09-06 | Modified: 2024-08-05
CVE-2018-14648
High
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-28 | Modified: 2024-08-05
CVE-2018-14643
Critical
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-21 | Modified: 2024-08-05
CVE-2018-14645
High
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-21 | Modified: 2024-08-05
CVE-2018-14651
High
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-10-31 | Modified: 2024-08-05
CVE-2018-14618
High
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-05 | Modified: 2024-08-05
CVE-2018-14631
High
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to reflected XSS because the blog search GET parameter is insufficiently filtered in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying search results of a blog was insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-17 | Modified: 2024-08-05
CVE-2018-14624
High
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-06 | Modified: 2024-08-05
CVE-2018-14630
High
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable because an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-09-17 | Modified: 2024-08-05
CVE-2018-13990
High
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior to 1.35 is vulnerable to brute-force attacks, because of Improper Restriction of Excessive Authentication Attempts.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: n/a
Published: 2019-05-06 | Modified: 2024-08-05
CVE-2018-13993
High
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is prone to CSRF.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-05-07 | Modified: 2024-08-05
CVE-2018-13992
High
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 allows for plaintext transmission (HTTP) of user credentials by default.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-05-07 | Modified: 2024-08-05
CVE-2018-13994
High
The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 to 1.34 is vulnerable to a denial-of-service attack by making more than 120 connections.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-05-07 | Modified: 2024-08-05
CVE-2018-11071
High
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: dell emc
Published: 2018-09-18 | Modified: 2024-08-05
CVE-2018-11054
High
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: rsa
Published: 2018-08-31 | Modified: 2024-08-05
CVE-2018-11083
High
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can use it to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: cloud foundry
Published: 2018-10-05 | Modified: 2024-08-05
CVE-2018-10936
High
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: [unknown]
Published: 2018-08-30 | Modified: 2024-08-05
CVE-2018-11058
High
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such an issue.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: rsa
Published: 2018-09-14 | Modified: 2024-08-05
CVE-2018-10915
High
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: postgresql global development group
Published: 2018-08-09 | Modified: 2024-08-05
CVE-2018-10903
High
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-30 | Modified: 2024-08-05
CVE-2018-10895
Critical
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: qutebrowser
Published: 2018-07-12 | Modified: 2024-08-05
CVE-2018-10905
High
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-24 | Modified: 2024-08-05
CVE-2018-10900
High
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-26 | Modified: 2024-08-05
CVE-2018-10920
High
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cz.nic
Published: 2018-08-02 | Modified: 2024-08-05
CVE-2018-10927
High
A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10925
High
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: postgresql global development group
Published: 2018-08-09 | Modified: 2024-08-05
CVE-2018-10928
High
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10926
High
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10902
High
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-08-21 | Modified: 2024-08-05
CVE-2018-10901
High
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-26 | Modified: 2024-08-05
CVE-2018-10933
Critical
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: [unknown]
Published: 2018-10-17 | Modified: 2024-08-05
CVE-2018-10931
Critical
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to an arbitrary location in the context of the daemon.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: the cobbler project
Published: 2018-08-09 | Modified: 2024-08-05
CVE-2018-10899
High
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: jolokia
Published: 2019-08-01 | Modified: 2024-08-05
CVE-2018-10922
High
An input validation flaw exists in ttembed. With a crafted input file, an attacker may be able to trigger a denial of service condition due to ttembed trusting attacker controlled values.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-08-02 | Modified: 2024-08-05
CVE-2018-10923
High
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10929
High
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10907
High
It was found that glusterfs server is vulnerable to multiple stack-based buffer overflows due to functions in server-rpc-fopc.c allocating fixed-size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10897
High
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: the rpm project
Published: 2018-08-01 | Modified: 2024-08-05
CVE-2018-10893
High
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: red hat
Published: 2018-09-11 | Modified: 2024-08-05
CVE-2018-10884
High
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2018-08-22 | Modified: 2024-08-05
CVE-2018-10904
High
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, an attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2018-09-04 | Modified: 2024-08-05
CVE-2018-10898
High
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed with Director using the default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-30 | Modified: 2024-08-05
CVE-2018-10875
High
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-13 | Modified: 2024-08-05
CVE-2018-10870
Critical
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: redhat-certification
Published: 2018-07-19 | Modified: 2024-08-05
CVE-2018-10869
High
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-19 | Modified: 2024-08-05
CVE-2018-10877
High
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-18 | Modified: 2024-08-05
CVE-2018-10873
High
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: [unknown]
Published: 2018-08-17 | Modified: 2024-08-05
CVE-2018-10874
High
In ansible it was found that inventory variables under an attacker's control are loaded from the current working directory when running an ad-hoc command, allowing arbitrary code to be run as a result.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-02 | Modified: 2024-08-05
CVE-2018-10843
High
source-to-image component of Openshift Container Platform before versions atomic-openshift 3.7.53, atomic-openshift 3.9.31 is vulnerable to a privilege escalation which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which are normally only available to a root user.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-02 | Modified: 2024-08-05
CVE-2018-7362
High
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by an improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: zte
Published: 2018-11-16 | Modified: 2024-08-05
CVE-2018-7360
Critical
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
🛡️ CVSS: 9.6 🆕 New Entry
/vendors/: zte
Published: 2018-11-16 | Modified: 2024-08-05
CVE-2018-7364
High
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: zte
Published: 2018-12-07 | Modified: 2024-08-05
CVE-2018-7359
Critical
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: zte
Published: 2018-11-16 | Modified: 2024-08-05
CVE-2018-7340
High
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: duo security
Published: 2019-04-17 | Modified: 2024-08-05
CVE-2018-6757
High
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-12-06 | Modified: 2024-08-05
CVE-2018-6755
High
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-12-06 | Modified: 2024-08-05
CVE-2018-6700
High
DLL Search Order Hijacking vulnerability in Microsoft Windows Client in McAfee True Key (TK) before 5.1.165 allows local users to execute arbitrary code via specially crafted malware.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-09-24 | Modified: 2024-08-05
CVE-2018-6703
Critical
Use After Free in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially remote code execution via a specially crafted HTTP header sent to the logging service.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: mcafee, llc
Published: 2018-12-11 | Modified: 2024-08-05
CVE-2018-6756
High
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-12-06 | Modified: 2024-08-05
CVE-2018-6670
High
External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-06-07 | Modified: 2024-08-05
CVE-2018-6667
Critical
Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX).
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-06-26 | Modified: 2024-08-05
CVE-2018-6677
High
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: mcafee x86
Published: 2018-07-23 | Modified: 2024-08-05
CVE-2018-6683
High
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: mcafee
Published: 2018-07-23 | Modified: 2024-08-05
CVE-2018-6497
High
Remote Cross-site Request Forgery (CSRF) potential has been identified in UCMDB Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05, which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: micro focus
Published: 2018-06-15 | Modified: 2024-08-05
CVE-2018-6491
High
Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to achieve Local Escalation of Privilege.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: micro focus
Published: 2018-04-23 | Modified: 2024-08-05
CVE-2018-6496
High
Remote Cross-site Request Forgery (CSRF) potential has been identified in UCMDB Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1, which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: micro focus
Published: 2018-06-15 | Modified: 2024-08-05
CVE-2018-5551
Critical
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: docutrac windows
Published: 2018-03-19 | Modified: 2024-08-05
CVE-2018-4051
High
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: gog.com
Published: 2019-04-02 | Modified: 2024-08-05
CVE-2018-4049
Critical
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: gog.com
Published: 2019-04-02 | Modified: 2024-08-05
CVE-2018-4048
Critical
An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: talos
Published: 2019-05-30 | Modified: 2024-08-05
CVE-2018-4050
High
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: talos
Published: 2019-04-01 | Modified: 2024-08-05
CVE-2018-4042
High
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4046
High
An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4047
High
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4033
High
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4035
High
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4023
Critical
An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4034
High
The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4045
High
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4058
High
An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: talos
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-4043
High
An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4044
High
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4041
High
An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4037
High
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4036
High
The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4032
High
An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-01-10 | Modified: 2024-08-05
CVE-2018-4029
Critical
An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4031
Critical
An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-10-31 | Modified: 2024-08-05
CVE-2018-4022
High
A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: n/a
Published: 2018-10-26 | Modified: 2024-08-05
CVE-2018-4024
High
An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4014
High
An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4025
High
An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4015
High
An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2018-12-18 | Modified: 2024-08-05
CVE-2018-4017
High
An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4018
Critical
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4016
High
An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4026
High
An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-05-13 | Modified: 2024-08-05
CVE-2018-4006
Critical
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-17 | Modified: 2024-08-05
CVE-2018-3990
Critical
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-02-05 | Modified: 2024-08-05
CVE-2018-3991
Critical
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2019-02-05 | Modified: 2024-08-05
CVE-2018-3963
Critical
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-4001
High
An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2018-10-01 | Modified: 2024-08-05
CVE-2018-4009
High
An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-04-15 | Modified: 2024-08-05
CVE-2018-4004
High
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-04-17 | Modified: 2024-08-05
CVE-2018-3983
High
An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then perform some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-10-31 | Modified: 2024-08-05
CVE-2018-4008
Critical
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-15 | Modified: 2024-08-05
CVE-2018-4003
High
An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-3979
High
A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: nouveau
Published: 2019-04-01 | Modified: 2024-08-05
CVE-2018-4012
Critical
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-01-03 | Modified: 2024-08-05
CVE-2018-4007
Critical
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-04-17 | Modified: 2024-08-05
CVE-2018-3890
High
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3968
High
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-4005
Critical
An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-17 | Modified: 2024-08-05
CVE-2018-3969
High
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands to the dhcpd.conf file that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-3974
Critical
An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: gog.com
Published: 2019-04-02 | Modified: 2024-08-05
CVE-2018-3920
High
An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SD card to trigger this vulnerability.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3985
High
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2019-03-21 | Modified: 2024-08-05
CVE-2018-3934
Critical
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3935
High
An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3913
High
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2018-09-21 | Modified: 2024-08-05
CVE-2018-3899
High
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3854
High
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2018-12-03 | Modified: 2024-08-05
CVE-2018-3898
High
An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3893
Critical
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2018-08-27 | Modified: 2024-08-05
CVE-2018-3892
Critical
An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.
🛡️ CVSS: 9.6 🆕 New Entry
/vendors/: unknown
Published: 2018-11-02 | Modified: 2024-08-05
CVE-2018-3834
High
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: insteon
Published: 2018-08-02 | Modified: 2024-08-05
CVE-2018-2425
High
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: sap se
Published: 2018-06-12 | Modified: 2024-08-05
CVE-2018-2424
Critical
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: sap se
Published: 2018-06-12 | Modified: 2024-08-05
CVE-2018-2402
High
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorizations on the control system may be able to access the user credentials and gain unauthorized access to data in the captured or target system.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: sap se
Published: 2018-03-14 | Modified: 2024-08-05
CVE-2018-2408
High
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. When a user's password is changed, all other active sessions created using the older password continue to be active.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: sap se
Published: 2018-04-10 | Modified: 2024-08-05
CVE-2018-1112
High
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using the 'auth.allow' option, which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: unspecified
Published: 2018-04-25 | Modified: 2024-08-05
CVE-2018-1132
High
A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-06-20 | Modified: 2024-08-05
CVE-2018-1122
High
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: [unknown]
Published: 2018-05-23 | Modified: 2024-08-05
CVE-2018-1111
High
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: fedora red hat
Published: 2018-05-17 | Modified: 2024-08-05
CVE-2018-1079
High
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via a malicious REST call from an authorized user. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: unspecified
Published: 2018-04-12 | Modified: 2024-08-05
CVE-2018-1080
High
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2018-07-02 | Modified: 2024-08-05
CVE-2018-1089
High
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: unspecified
Published: 2018-05-09 | Modified: 2024-08-05
CVE-2018-1074
High
ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management systems of hosts they control.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: unspecified
Published: 2018-04-26 | Modified: 2024-08-05
CVE-2018-1084
High
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: unspecified
Published: 2018-04-12 | Modified: 2024-08-05
CVE-2018-1085
Critical
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: [unknown]
Published: 2018-06-15 | Modified: 2024-08-05
CVE-2018-1087
High
kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: kernel
Published: 2018-05-15 | Modified: 2024-08-05
CVE-2018-0721
High
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: build 20180711 build 20180725 qnap systems inc. build 20180710
Published: 2018-11-27 | Modified: 2024-08-05
CVE-2019-1020011
Critical
SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: smokedetector
Published: 2019-07-29 | Modified: 2024-08-05
CVE-2019-19893
High
In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\SYSTEM.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-19979
High
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-12-26 | Modified: 2024-08-05
CVE-2019-19898
High
In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-19915
Critical
The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or greater access) to modify, delete, or inject redirect rules, and exploit XSS, with the /admin-ajax.php?action=eps_redirect_save and /admin-ajax.php?action=eps_redirect_delete actions. This could result in a loss of site availability, malicious redirects, and user infections. This could also be exploited via CSRF.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-12-19 | Modified: 2024-08-05
CVE-2019-19896
Critical
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allow modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\SYSTEM on the target server and clients.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-19897
Critical
In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function.
🛡️ CVSS: 10.0 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-19895
High
In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-19849
High
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-12-17 | Modified: 2024-08-05
CVE-2019-19826
High
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2019-12-16 | Modified: 2024-08-05
CVE-2019-19625
High
SROS 2 0.8.1 (which provides the tools that generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2) leaks node information due to a leaky default configuration as indicated in the policy/defaults/dds/governance.xml document.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-19627
High
SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-related information regardless of the rtps_protection_kind configuration. (SROS2 provides the tools to generate and distribute keys for Robot Operating System 2 and uses the underlying security plugins of DDS from ROS 2.)
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-19340
High
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.3, where enabling RabbitMQ manager by setting it with '-e rabbitmq_enable_manager=true' exposes the RabbitMQ management interface publicly, as expected. If the default admin user is still active, an attacker could guess the password and gain access to the system.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: red hat
Published: 2019-12-19 | Modified: 2024-08-05
CVE-2019-19334
High
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "identityref". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: red hat
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-19298
High
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-03-10 | Modified: 2024-08-05
CVE-2019-19331
High
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: cz.nic
Published: 2019-12-16 | Modified: 2024-08-05
CVE-2019-19299
High
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2), SiNVR/SiVMS Video Server (All versions >= V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-03-10 | Modified: 2024-08-05
CVE-2019-19333
High
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: red hat
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-19301
High
A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M 
TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-04-14 | Modified: 2024-08-05
CVE-2019-19282
High
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-03-10 | Modified: 2024-08-05
CVE-2019-19297
High
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a path traversal vulnerability that could allow an unauthenticated remote attacker to access and download arbitrary files from the server.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-03-10 | Modified: 2024-08-05
CVE-2019-19292
High
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: siemens
Published: 2020-03-10 | Modified: 2024-08-05
CVE-2019-19104
Critical
The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. This issue allows obtaining sensitive information that may aid in further attacks and privilege escalation.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: abb busch-jaeger
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2019-19231
High
An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: ca technologies, broadcom company
Published: 2019-12-20 | Modified: 2024-08-05
CVE-2019-19169
High
Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability that could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: raonwiz windows
Published: 2020-05-06 | Modified: 2024-08-05
CVE-2019-19164
High
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: raonwiz
Published: 2020-05-07 | Modified: 2024-08-05
CVE-2019-19166
High
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows an attacker to cause remote code execution.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: windows tobesoft
Published: 2020-05-06 | Modified: 2024-08-05
CVE-2019-19167
High
Tobesoft Nexacro v2019.9.25.1 and earlier versions have an arbitrary code execution vulnerability through a method supported by the Nexacro14 ActiveX Control. It allows an attacker to cause remote code execution.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: windows tobesoft
Published: 2020-05-06 | Modified: 2024-08-05
CVE-2019-19168
High
Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability that could allow a remote attacker to download and execute an arbitrary remote file by setting the arguments to the ActiveX method. This can be leveraged for code execution.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: raonwiz windows
Published: 2020-05-06 | Modified: 2024-08-05
CVE-2019-19106
Critical
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: abb busch-jaeger
Published: 2020-04-22 | Modified: 2024-08-05
CVE-2019-19163
High
A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code, because the firmware uses an old version of MySQL.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: commax linux
Published: 2020-06-30 | Modified: 2024-08-05
CVE-2019-19094
High
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database.
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: abb
Published: 2020-04-02 | Modified: 2024-08-05
CVE-2019-19161
High
CyMiInstaller322 ActiveX, which runs MIPLATFORM, downloads files required to run applications. Due to insufficient verification, a vulnerability in the file download performed by CyMiInstaller322 ActiveX allows an attacker to make it download randomly generated DLL files and make MIPLATFORM load those DLLs.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: tobesoft.co.ltd
Published: 2020-06-30 | Modified: 2024-08-05
CVE-2019-19108
Critical
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: b&r
Published: 2020-04-20 | Modified: 2024-08-05
CVE-2019-19100
High
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, < 4.6.3SP, < 4.7.2 and < 4.8.1 allows authenticated users to delete arbitrary files via an exposed interface.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: b&r
Published: 2020-04-29 | Modified: 2024-08-05
CVE-2019-18996
High
Path settings in the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system to execute code in the application’s context.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: abb
Published: 2019-12-18 | Modified: 2024-08-05
CVE-2019-18998
High
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4 prior to 9.4.2.6, 9.5 prior to 9.5.3.2 and 9.6.0 enables full access to directly referenced objects. An attacker with knowledge of a resource's URL can access the resource directly.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: abb
Published: 2020-02-17 | Modified: 2024-08-05
CVE-2019-18945
High
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: micro focus
Published: 2021-02-26 | Modified: 2024-08-05
CVE-2019-18840
High
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-11-09 | Modified: 2024-08-05
CVE-2019-18339
Critical
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network access to the Video Server could exploit this vulnerability to read the SiVMS/SiNVR users database, including the passwords of all users in obfuscated cleartext.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: siemens
Published: 2019-12-12 | Modified: 2024-08-05
CVE-2019-18342
Critical
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: siemens
Published: 2019-12-12 | Modified: 2024-08-05
CVE-2019-18214
High
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: n/a
Published: 2019-10-19 | Modified: 2024-08-05
CVE-2019-17535
Critical
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-10-13 | Modified: 2024-08-05
CVE-2019-17536
Critical
Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2019-10-13 | Modified: 2024-08-05
CVE-2019-17390
High
An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control is mishandled, aka PNB-2359.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-12-18 | Modified: 2024-08-05
CVE-2019-17148
High
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. Was ZDI-CAN-8685.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: parallels
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-17141
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17140
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17147
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: tp-link
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-17136
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8776.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2020-02-07 | Modified: 2024-08-05
CVE-2019-17145
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17142
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17137
Critical
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: netgear
Published: 2020-02-10 | Modified: 2024-08-05
CVE-2019-17144
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17201
Critical
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-17146
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction request header, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8458.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: d-link
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-17202
High
FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-17139
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-25 | Modified: 2024-08-05
CVE-2019-17135
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2020-02-07 | Modified: 2024-08-05
CVE-2019-16792
High
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: pylons
Published: 2020-01-22 | Modified: 2024-08-05
CVE-2019-16789
High
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: pylons
Published: 2019-12-26 | Modified: 2024-08-05
CVE-2019-16775
High
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: npm
Published: 2019-12-13 | Modified: 2024-08-05
CVE-2019-16776
High
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: npm
Published: 2019-12-13 | Modified: 2024-08-05
CVE-2019-16786
High
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: pylons
Published: 2019-12-20 | Modified: 2024-08-05
CVE-2019-16765
High
If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: github
Published: 2019-11-25 | Modified: 2024-08-05
CVE-2019-16785
High
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: pylons
Published: 2019-12-20 | Modified: 2024-08-05
CVE-2019-16777
High
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
🛡️ CVSS: 7.7 🆕 New Entry
/vendors/: npm
Published: 2019-12-13 | Modified: 2024-08-05
CVE-2019-16766
High
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: lab digital
Published: 2019-11-29 | Modified: 2024-08-05
CVE-2019-16670
Critical
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. The Authentication mechanism has no brute-force prevention.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-16674
Critical
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Authentication Information used in a cookie is predictable and can lead to admin password compromise when captured on the network.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-16672
Critical
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-16673
High
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Passwords are stored in cleartext and can be read by anyone with access to the device.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-12-06 | Modified: 2024-08-05
CVE-2019-15637
High
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-08-26 | Modified: 2024-08-05
CVE-2019-15631
Critical
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: mulesoft
Published: 2019-12-02 | Modified: 2024-08-05
CVE-2019-15052
Critical
The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-14 | Modified: 2024-08-05
CVE-2019-14909
Critical
A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-12-04 | Modified: 2024-08-05
CVE-2019-14906
High
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages. In SDL versions through 1.2.15 and 2.x through 2.0.9, a heap-based buffer overflow is possible while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: red hat
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-14905
High
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: red hat
Published: 2020-03-31 | Modified: 2024-08-05
CVE-2019-14910
Critical
A vulnerability was found in Keycloak 7.x: when Keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), user authentication succeeds even if an invalid password has been entered.
🛡️ CVSS: 9.3 🆕 New Entry
/vendors/: n/a
Published: 2019-12-05 | Modified: 2024-08-05
CVE-2019-14863
High
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: red hat
Published: 2020-01-02 | Modified: 2024-08-05
CVE-2019-14846
High
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19 were logging at the DEBUG level, which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: red hat
Published: 2019-10-08 | Modified: 2024-08-05
CVE-2019-14835
High
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: linux kernel
Published: 2019-09-17 | Modified: 2024-08-05
CVE-2019-14817
High
A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: artifex software
Published: 2019-09-03 | Modified: 2024-08-05
CVE-2019-14869
High
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: ghostscript
Published: 2019-11-15 | Modified: 2024-08-05
CVE-2019-14895
High
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: red hat
Published: 2019-11-29 | Modified: 2024-08-05
CVE-2019-14893
High
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: red hat
Published: 2020-03-02 | Modified: 2024-08-05
CVE-2019-14889
High
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: red hat
Published: 2019-12-10 | Modified: 2024-08-05
CVE-2019-14887
High
A flaw was found when an OpenSSL security provider is used with Wildfly: the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly versions 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: red hat
Published: 2020-03-16 | Modified: 2024-08-05
CVE-2019-14868
High
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: kornshell
Published: 2020-04-02 | Modified: 2024-08-05
CVE-2019-14901
High
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2019-11-29 | Modified: 2024-08-05
CVE-2019-14899
High
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: red hat
Published: 2019-12-11 | Modified: 2024-08-05
CVE-2019-14818
High
A flaw was found in all dpdk versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1, where a malicious master, or a container with access to the vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: dpdk
Published: 2019-11-14 | Modified: 2024-08-05
CVE-2019-14892
High
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: red hat
Published: 2020-03-02 | Modified: 2024-08-05
CVE-2019-14894
High
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: [unknown]
Published: 2020-06-22 | Modified: 2024-08-05
CVE-2019-14821
High
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the write indices 'ring->first' and 'ring->last' values could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: linux
Published: 2019-09-19 | Modified: 2024-08-05
CVE-2019-14888
High
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: red hat
Published: 2020-01-23 | Modified: 2024-08-05
CVE-2019-14844
High
A flaw was found in Fedora versions of krb5 from 1.16.1 up to and including 1.17.x, in the way a Kerberos client could crash the KDC by sending one of the RFC 4556 "enctypes". A remote unauthenticated user could use this flaw to crash the KDC.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: mit
Published: 2019-09-26 | Modified: 2024-08-05
CVE-2019-14837
Critical
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: red hat
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-14859
High
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: red hat
Published: 2020-01-02 | Modified: 2024-08-05
CVE-2019-14819
High
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [red hat]
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-14867
High
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: red hat
Published: 2019-11-27 | Modified: 2024-08-05
CVE-2019-14843
High
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: red hat
Published: 2020-01-07 | Modified: 2024-08-05
CVE-2019-14896
High
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code when the lbs_ibss_join_existing function is called after a STA connects to an AP.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: red hat
Published: 2019-11-27 | Modified: 2024-08-05
CVE-2019-14842
High
Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: [unknown]
Published: 2019-11-26 | Modified: 2024-08-05
CVE-2019-14860
High
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: [unknown]
Published: 2019-11-08 | Modified: 2024-08-05
CVE-2019-14890
High
A vulnerability was found in Ansible Tower before 3.6.1 where an attacker with low privilege could retrieve username and password credentials from the new RHSM saved in plain text into the database at '/api/v2/config' when applying the Ansible Tower license.
🛡️ CVSS: 8.4 🆕 New Entry
/vendors/: [unknown]
Published: 2019-11-26 | Modified: 2024-08-05
CVE-2019-14858
High
A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible tower 3.x up to 3.5. When a module has an argument_spec with sub parameters marked as no_log, passing an invalid parameter name to the module will cause the task to fail before the no_log options in the sub parameters are processed. As a result, data in the sub parameter fields will not be masked and will be displayed if Ansible is run with increased verbosity and present in the module invocation arguments for the task.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: red hat
Published: 2019-10-14 | Modified: 2024-08-05
CVE-2019-14813
High
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: artifex software
Published: 2019-09-06 | Modified: 2024-08-05
CVE-2019-14812
High
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: red hat
Published: 2019-11-27 | Modified: 2024-08-05
CVE-2019-14811
High
A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: artifex software
Published: 2019-09-03 | Modified: 2024-08-05
CVE-2019-14815
High
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: linux
Published: 2019-11-25 | Modified: 2024-08-05
CVE-2019-14693
High
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: n/a
Published: 2019-08-08 | Modified: 2024-08-05
CVE-2019-14416
High
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-29 | Modified: 2024-08-05
CVE-2019-14431
Critical
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-07-29 | Modified: 2024-08-05
CVE-2019-14417
High
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-29 | Modified: 2024-08-05
CVE-2019-14418
Critical
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.
🛡️ CVSS: 9.1 🆕 New Entry
/vendors/: n/a
Published: 2019-07-29 | Modified: 2024-08-05
CVE-2019-14307
High
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-26 | Modified: 2024-08-05
CVE-2019-14305
High
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-26 | Modified: 2024-08-05
CVE-2019-14308
Critical
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-26 | Modified: 2024-08-05
CVE-2019-14300
Critical
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-26 | Modified: 2024-08-05
CVE-2019-13946
High
Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2020-02-11 | Modified: 2024-08-05
CVE-2019-13656
Critical
An access vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 allows a remote attacker to execute arbitrary code.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: ca technologies
Published: 2019-09-06 | Modified: 2024-08-04
CVE-2019-13478
Critical
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in term descriptions.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2019-07-09 | Modified: 2024-08-04
CVE-2019-13320
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-04 | Modified: 2024-08-04
CVE-2019-13332
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of templates in XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9149.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13334
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2020-02-07 | Modified: 2024-08-04
CVE-2019-13322
High
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the miui.share application. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary application download. An attacker can leverage this vulnerability to execute code in the context of the user. Was ZDI-CAN-7483.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: xiaomi
Published: 2020-02-10 | Modified: 2024-08-04
CVE-2019-13343
Critical
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not properly sanitize user input on the theme t parameter before reusing it in a path. This path is then used without validation to fetch a file and return its raw content to the user via the /wl?t=../../...&h= substring followed by a filename.
🛡️ CVSS: 9.9 🆕 New Entry
/vendors/: n/a
Published: 2019-10-02 | Modified: 2024-08-04
CVE-2019-13325
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8922.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13324
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8782.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13333
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2020-02-07 | Modified: 2024-08-04
CVE-2019-13327
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8888.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13330
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13319
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8669.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-04 | Modified: 2024-08-04
CVE-2019-13317
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8759.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-04 | Modified: 2024-08-04
CVE-2019-13328
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8913.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13329
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8695.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13315
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8656.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-04 | Modified: 2024-08-04
CVE-2019-13323
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13326
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of fields within Acroform objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8864.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13316
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8757.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-04 | Modified: 2024-08-04
CVE-2019-13331
High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8838.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: foxit
Published: 2019-10-03 | Modified: 2024-08-04
CVE-2019-13071
High
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-07-10 | Modified: 2024-08-04
CVE-2019-12936
High
BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: n/a
Published: 2019-06-23 | Modified: 2024-08-04
CVE-2019-12935
High
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: n/a
Published: 2019-06-23 | Modified: 2024-08-04
CVE-2019-12804
High
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft a malicious file and use it as an update.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: hunesion
Published: 2019-07-10 | Modified: 2024-08-04
CVE-2019-12834
High
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: n/a
Published: 2019-07-16 | Modified: 2024-08-04
CVE-2019-12803
High
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: hunesion
Published: 2019-07-10 | Modified: 2024-08-04
CVE-2019-12739
Critical
lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters).
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-06-05 | Modified: 2024-08-04
CVE-2019-12728
High
Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2019-06-04 | Modified: 2024-08-04
CVE-2019-12494
High
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.
🛡️ CVSS: 8.5 🆕 New Entry
/vendors/: n/a
Published: 2019-06-05 | Modified: 2024-08-04
CVE-2019-12439
High
bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.
🛡️ CVSS: 7.4 🆕 New Entry
/vendors/: n/a
Published: 2019-05-29 | Modified: 2024-08-04
CVE-2019-12325
High
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-22 | Modified: 2024-08-04
CVE-2019-12328
Critical
A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
🛡️ CVSS: 9.0 🆕 New Entry
/vendors/: n/a
Published: 2019-07-22 | Modified: 2024-08-04
CVE-2019-12324
High
A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-22 | Modified: 2024-08-04
CVE-2019-12326
High
Missing file and path validation in the ringtone upload function of the Akuvox R50P VoIP phone 50.0.6.156 allows an attacker to upload a manipulated ringtone file, with an executable payload (shell commands within the file) and trigger code execution.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-22 | Modified: 2024-08-04
CVE-2019-12327
High
Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow an attacker to get access to the device via telnet. The telnet service is running on port 2323; it cannot be turned off and the credentials cannot be changed.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: n/a
Published: 2019-07-22 | Modified: 2024-08-04
CVE-2019-12091
High
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: netskope x86
Published: 2019-09-26 | Modified: 2024-08-04
CVE-2019-11780
High
Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: odoo
Published: 2019-12-19 | Modified: 2024-08-04
CVE-2019-11654
High
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: micro focus
Published: 2019-08-23 | Modified: 2024-08-04
CVE-2019-11628
High
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3, September 2018 Patch 4, November 2018 Patch 4, or February 2019 Patch 2. An authenticated user may be able to bypass intended file-read restrictions via crafted Browser requests.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: n/a
Published: 2019-05-01 | Modified: 2024-08-04
CVE-2019-11542
High
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2024-08-04
CVE-2019-11541
High
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2024-08-04
CVE-2019-11405
High
OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2019-04-21 | Modified: 2024-08-04
CVE-2019-11540
High
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote attacker can conduct a session hijacking attack.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: n/a
Published: 2019-04-26 | Modified: 2024-08-04
CVE-2019-11508
High
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit Directory Traversal to execute arbitrary code on the appliance.
🛡️ CVSS: 8.6 🆕 New Entry
/vendors/: n/a
Published: 2019-05-08 | Modified: 2024-08-04
CVE-2019-11494
High
In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: n/a
Published: 2019-05-08 | Modified: 2024-08-04
CVE-2019-11404
High
arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: n/a
Published: 2019-04-21 | Modified: 2024-08-04
CVE-2019-11457
High
Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /change-password-by-admin/, /api/settings/add/, /cases/create/, /change-password-by-admin/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: n/a
Published: 2019-08-27 | Modified: 2024-08-04
CVE-2019-10936
High
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: siemens
Published: 2019-10-10 | Modified: 2024-08-04
CVE-2019-10880
Critical
Within multiple XEROX products, a vulnerability allows remote command execution on the Linux system as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration, authentication may not be necessary.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: xerox
Published: 2019-04-12 | Modified: 2024-08-04
CVE-2019-10881
Critical
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 include two accounts with weak hard-coded passwords, which can be exploited to allow unauthorized access and which cannot be disabled.
🛡️ CVSS: 9.4 🆕 New Entry
/vendors/: xerox
Published: 2021-04-13 | Modified: 2024-08-04
CVE-2019-10202
High
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086 reported for FasterXML jackson-databind by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: redhat
Published: 2019-10-01 | Modified: 2024-08-04
CVE-2019-10220
High
The Linux kernel CIFS implementation, version 4.9.0, is vulnerable to a relative paths injection in directory entry lists.
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: suse
Published: 2019-11-27 | Modified: 2024-08-04
CVE-2019-10201
High
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to sensitive information.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: red hat
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-10192
High
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: redis labs
Published: 2019-07-11 | Modified: 2024-08-04
CVE-2019-10211
High
The PostgreSQL Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from an unprotected directory.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: postgresql
Published: 2019-10-29 | Modified: 2024-08-04
CVE-2019-10216
High
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: ghostscript
Published: 2019-11-27 | Modified: 2024-08-04
CVE-2019-10208
High
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: postgresql
Published: 2019-10-29 | Modified: 2024-08-04
CVE-2019-10193
High
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: redis labs
Published: 2019-07-11 | Modified: 2024-08-04
CVE-2019-10174
High
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: [unknown]
Published: 2019-11-25 | Modified: 2024-08-04
CVE-2019-10185
High
It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: icedtea
Published: 2019-07-31 | Modified: 2024-08-04
CVE-2019-10164
High
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: postgresql
Published: 2019-06-26 | Modified: 2024-08-04
CVE-2019-10168
High
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: libvirt
Published: 2019-08-02 | Modified: 2024-08-04
CVE-2019-10161
High
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: libvirt
Published: 2019-07-30 | Modified: 2024-08-04
CVE-2019-10171
High
It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: redhat
Published: 2019-08-02 | Modified: 2024-08-04
CVE-2019-10137
High
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
🛡️ CVSS: 8.1 🆕 New Entry
/vendors/: spacewalkproject
Published: 2019-07-02 | Modified: 2024-08-04
CVE-2019-10160
Critical
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: python
Published: 2019-06-07 | Modified: 2024-08-04
CVE-2019-10173
High
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format, e.g. JSON (regression of CVE-2013-7285).
🛡️ CVSS: 7.3 🆕 New Entry
/vendors/: xstream
Published: 2019-07-23 | Modified: 2024-08-04
CVE-2019-10138
High
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: red hat
Published: 2019-07-30 | Modified: 2024-08-04
CVE-2019-10142
High
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security effects.
🛡️ CVSS: 7.1 🆕 New Entry
/vendors/: redhat
Published: 2019-07-30 | Modified: 2024-08-04
CVE-2019-10182
High
It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.
🛡️ CVSS: 8.2 🆕 New Entry
/vendors/: icedtea
Published: 2019-07-31 | Modified: 2024-08-04
CVE-2019-10152
High
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: podman
Published: 2019-07-30 | Modified: 2024-08-04
CVE-2019-10167
High
The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: libvirt
Published: 2019-08-02 | Modified: 2024-08-04
CVE-2019-10166
High
It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: libvirt
Published: 2019-08-02 | Modified: 2024-08-04
CVE-2019-10135
High
A flaw was found in the yaml.load() function in the osbs-client versions since 0.46 before 0.56.1. Insecure use of the yaml.load() function allowed the user to load any suspicious object for code execution via the parsing of malicious YAML files.
🛡️ CVSS: 7.2 🆕 New Entry
/vendors/: red hat
Published: 2019-07-11 | Modified: 2024-08-04
CVE-2019-10141
High
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.
🛡️ CVSS: 8.3 🆕 New Entry
/vendors/: redhat
Published: 2019-07-30 | Modified: 2024-08-04
CVE-2019-10132
High
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: libvirt
Published: 2019-05-22 | Modified: 2024-08-04
CVE-2019-1225
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1206
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: x64-based systems microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1213
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: x64-based systems microsoft 32-bit systems ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1194
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 10 version 1607 for 32-bit systems windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows server 2008 for x64-based systems service pack 2 windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows server 2008 for 32-bit systems service pack 2
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1226
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1222
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1223
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1212
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1224
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1181
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1188
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1182
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1190
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1149
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1155
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1151
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1170
High
No description available
🛡️ CVSS: 7.9 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1157
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1162
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1156
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1140
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: windows server 2019 unknown windows server 2016 windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems microsoft windows 10 version 1607 for 32-bit systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1159
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1168
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1145
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1144
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1169
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: x64-based systems microsoft 32-bit systems ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1150
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1147
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1152
High
No description available
🛡️ CVSS: 8.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1146
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1164
High
No description available
🛡️ CVSS: 7.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1133
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: windows server 2019 windows rt 8.1 windows 10 version 1607 for 32-bit systems windows 7 for 32-bit systems service pack 1 windows server 2016 windows 8.1 for 32-bit systems windows 10 version 1903 for 32-bit systems windows 10 version 1903 for x64-based systems windows 10 version 1607 for x64-based systems windows 10 version 1803 for arm64-based systems windows 10 version 1703 for x64-based systems windows 10 version 1809 for 32-bit systems windows 10 version 1803 for 32-bit systems windows 10 for x64-based systems windows 7 for x64-based systems service pack 1 windows server 2012 windows 10 version 1903 for arm64-based systems windows 10 version 1709 for x64-based systems windows server 2008 r2 for x64-based systems service pack 1 windows 10 version 1803 for x64-based systems windows 10 version 1709 for arm64-based systems windows 10 for 32-bit systems windows server 2008 for x64-based systems service pack 2 windows 10 version 1703 for 32-bit systems windows 10 version 1809 for x64-based systems windows 10 version 1709 for 32-bit systems windows 10 version 1809 for arm64-based systems windows 8.1 for x64-based systems microsoft windows server 2012 r2 windows server 2008 for 32-bit systems service pack 2
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-1057
High
No description available
🛡️ CVSS: 7.5 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems unknown microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-0965
High
No description available
🛡️ CVSS: 7.6 🆕 New Entry
/vendors/: x64-based systems microsoft unknown
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-0736
Critical
No description available
🛡️ CVSS: 9.8 🆕 New Entry
/vendors/: 32-bit systems arm64-based systems x64-based systems microsoft ia64-based systems
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-0720
High
No description available
🛡️ CVSS: 8.0 🆕 New Entry
/vendors/: x64-based systems microsoft
Published: 2019-08-14 | Modified: 2024-08-04
CVE-2019-0160
High
Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
🛡️ CVSS: 8.7 🆕 New Entry
/vendors/: n/a
Published: 2019-03-27 | Modified: 2024-08-04